Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-20454

Опубликовано: 14 фев. 2020
Источник: debian
EPSS Низкий

Описание

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
pcre2fixed10.34-1package
pcre2no-dsastretchpackage

Примечания

  • https://bugs.exim.org/show_bug.cgi?id=2421

  • https://bugs.php.net/bug.php?id=78338

  • Fixed by: https://vcs.pcre.org/pcre2?view=revision&revision=1092

  • Tests: https://vcs.pcre.org/pcre2?view=revision&revision=1091

EPSS

Процентиль: 24%
0.00077
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-20454

CVSS3: 7.5
ubuntu
больше 5 лет назад

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

redhat логотип

CVE-2019-20454

CVSS3: 7.5
redhat
почти 6 лет назад

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

nvd логотип

CVE-2019-20454

CVSS3: 7.5
nvd
больше 5 лет назад

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

rocky логотип

RLSA-2020:4539

rocky
больше 4 лет назад

Moderate: pcre2 security and enhancement update

github логотип

GHSA-6wcm-vmc4-h93p

CVSS3: 7.5
github
около 3 лет назад

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

EPSS

Процентиль: 24%
0.00077
Низкий