QwikSec

Security Database

CVE

CWE

Training

CVE-2019-20454

Published: Feb 14, 2020

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

5.1

MEDIUM

Description

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AC:H/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:N

Attack Complexity

High

Attack Vector

Local

Availability

High

Confidentiality

None

Integrity

None

Privileges Required

None

Scope

Unchanged

User Interaction

None

References

https://bugs.exim.org/show_bug.cgi?id=2421

https://bugs.php.net/bug.php?id=78338

https://vcs.pcre.org/pcre2?view=revision&revision=1092

https://bugzilla.redhat.com/show_bug.cgi?id=1735494

vendor-advisory

FEDORA-2020-b11cf352bd

vendor-advisory

[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.