CVE-2019-20838: Out-of-bounds Read in Pcre

CWE-125 Out-of-bounds Read | 13 documents | 10 sources

Severity: 7.5 HIGH (NVD)
EPSS: 0.3% (top 46.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 15; latest update May 24

Description

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: pcre/pcre < 8.43
NVD: apple/macos < 11.0.1
NVD: splunk/universal_forwarder 8.2.0 to 8.2.12 (+2)

Patches

Vulnerability Details (4)

GHSA: GHSA-689f-qv4w-xgqf: libpcre in PCRE before 8 (2022-05-24)
OSV: pcre3 vulnerabilities (2022-05-17)
CVEList: CVE-2019-20838: libpcre in PCRE before 8 (2020-06-15)
OSV: CVE-2019-20838: libpcre in PCRE before 8 (2020-06-15)

Vendor Advisories (5)

Ubuntu: PCRE vulnerabilities (2022-05-17)
Apple: CVE-2019-20838: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave (2021-02-01)
Red Hat: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (2020-06-15)
Microsoft: libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. (2020-06-09)
Debian: CVE-2019-20838: pcre3 - libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is... (2019)

Community (3)

Bugzilla: CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (2020-06-18)
Bugzilla: CVE-2019-20838 pcre: buffer over-read in JIT when UTF is disabled [fedora-all] (2020-06-18)
Bugzilla: CVE-2019-20838 mingw-pcre: pcre: buffer over-read in JIT when UTF is disabled [fedora-all] (2020-06-18)