pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libpcre3": "1:8.31-2ubuntu2.2", "libpcrecpp0-dbgsym": "1:8.31-2ubuntu2.2", "libpcre3-udeb": "1:8.31-2ubuntu2.2", "libpcre3-dev-dbgsym": "1:8.31-2ubuntu2.2", "libpcre3-dbgsym": "1:8.31-2ubuntu2.2", "libpcre3-udeb-dbgsym": "1:8.31-2ubuntu2.2", "pcregrep": "1:8.31-2ubuntu2.2", "pcregrep-dbgsym": "1:8.31-2ubuntu2.2", "libpcre3-dbg": "1:8.31-2ubuntu2.2", "libpcrecpp0": "1:8.31-2ubuntu2.2", "libpcre3-dev": "1:8.31-2ubuntu2.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libpcre32-3": "2:8.38-3", "pcregrep-dbgsym": "2:8.38-3", "libpcre16-3": "2:8.38-3", "libpcrecpp0v5-dbgsym": "2:8.38-3", "libpcre3-dbg": "2:8.38-3", "libpcre3": "2:8.38-3", "libpcre32-3-dbgsym": "2:8.38-3", "libpcre3-udeb": "2:8.38-3", "libpcre3-dev-dbgsym": "2:8.38-3", "libpcre3-dbgsym": "2:8.38-3", "libpcre3-udeb-dbgsym": "2:8.38-3", "pcregrep": "2:8.38-3", "libpcre16-3-dbgsym": "2:8.38-3", "libpcre3-dev": "2:8.38-3", "libpcrecpp0v5": "2:8.38-3" } ] }