pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libpcre3", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcre3-dev", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "libpcrecpp0", "binary_version": "1:8.31-2ubuntu2.2" }, { "binary_name": "pcregrep", "binary_version": "1:8.31-2ubuntu2.2" } ] }