PT-2019-6339 · Pcre+7

Pedro Sampaio · Published 2019-07-28 · Updated 2024-03-27 · CVE-2019-20454

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 10.34
Description: An out-of-bounds read was discovered in PCRE when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. This issue affects applications that use PCRE to parse untrusted input, allowing an attacker to crash the application. The flaw occurs in the do_extuni_no_utf function in pcre2_jit_compile.c.
Recommendations: For versions prior to 10.34, update to version 10.34 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the \X pattern in JIT-compiled regular expressions until a patch is available. Restrict access to untrusted input to minimize the risk of exploitation.

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

ALSA-2020:3662
ALSA-2020:4539
ALT-PU-2019-3185
ALT-PU-2022-1985
BDU:2023-02640
CESA-2020_3662
CESA-2020_4539
CVE-2019-20454
DLA-3363-1
MGASA-2020-0305
OPENSUSE-SU-2022:2649-1
OPENSUSE-SU-2022_2649-1
RHSA-2020:3662
RHSA-2020:4539
RHSA-2020_3662
RHSA-2020_4539
RLSA-2020:3662
RLSA-2020:4539
SUSE-SU-2022:2649-1
SUSE-SU-2022_2649-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
PCRE
Red Hat
Rocky Linux
SUSE