
CVE-2019-20838

Published: 15 Jun 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Mitigation

Do not use more than one fixed quantifier with \R or \X with UTF disabled in PCRE or PCRE2, as these are the conditions needed to trigger the flaw.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/management-ingress-rhel8 | Fix deferred | | |
| Red Hat Enterprise Linux 6 | pcre | Not affected | | |
| Red Hat Enterprise Linux 7 | pcre | Not affected | | |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-apr | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-apr-util | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-curl | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_cluster-native | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2021:4614 | 10.11.2021 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_jk | Fixed | RHSA-2021:4614 | 10.11.2021 |


Additional information

Status: Low
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1848444
pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

EPSS

Percentile: 43%
0.00204
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 5 years ago

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

CVSS3: 7.5
nvd
about 5 years ago

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

CVSS3: 7.5
msrc
almost 5 years ago

No description available

CVSS3: 7.5
debian
about 5 years ago

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...

CVSS3: 7.5
github
about 3 years ago

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.