Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2020:4539

Опубликовано: 03 нояб. 2020
Источник: rocky
Оценка: Moderate

Описание

Moderate: pcre2 security and enhancement update

The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl.

Security Fix(es):

  • pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
pcre2i6862.el8pcre2-10.32-2.el8.i686.rpm
pcre2x86_642.el8pcre2-10.32-2.el8.x86_64.rpm
pcre2-develi6862.el8pcre2-devel-10.32-2.el8.i686.rpm
pcre2-develx86_642.el8pcre2-devel-10.32-2.el8.x86_64.rpm
pcre2-utf16i6862.el8pcre2-utf16-10.32-2.el8.i686.rpm
pcre2-utf16x86_642.el8pcre2-utf16-10.32-2.el8.x86_64.rpm
pcre2-utf32i6862.el8pcre2-utf32-10.32-2.el8.i686.rpm
pcre2-utf32x86_642.el8pcre2-utf32-10.32-2.el8.x86_64.rpm

Показывать по

Связанные CVE

CVE-2019-20454

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2019-20454

CVSS3: 7.5
ubuntu
почти 6 лет назад

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

redhat логотип

CVE-2019-20454

CVSS3: 7.5
redhat
больше 6 лет назад

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

nvd логотип

CVE-2019-20454

CVSS3: 7.5
nvd
почти 6 лет назад

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

debian логотип

CVE-2019-20454

CVSS3: 7.5
debian
почти 6 лет назад

An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...

github логотип

GHSA-6wcm-vmc4-h93p

CVSS3: 7.5
github
больше 3 лет назад

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.