UBUNTU-CVE-2019-20454
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2019-20454
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20454.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-20454
- Related
- Published
- 2020-02-14T14:15:00Z
- Modified
- 2020-02-14T14:15:00Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in doextuninoutf in pcre2jit_compile.c.
- References
Affected packages
Ubuntu:Pro:18.04:LTS / pcre2
Package
- Name
- pcre2
Ubuntu:20.04:LTS / pcre2
Package
- Name
- pcre2
- Purl
- pkg:deb/ubuntu/pcre2@10.34-7?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.34-7
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libpcre2-posix2-dbgsym": "10.34-7",
"libpcre2-32-0": "10.34-7",
"libpcre2-dev": "10.34-7",
"libpcre2-32-0-dbgsym": "10.34-7",
"libpcre2-16-0": "10.34-7",
"libpcre2-8-0-udeb": "10.34-7",
"libpcre2-16-0-dbgsym": "10.34-7",
"pcre2-utils-dbgsym": "10.34-7",
"libpcre2-8-0-dbgsym": "10.34-7",
"libpcre2-posix2": "10.34-7",
"libpcre2-8-0": "10.34-7",
"pcre2-utils": "10.34-7"
}
]
}