ALT-PU-2019-3185-1
Closed vulnerabilities
Published: 2019-07-28
BDU:2023-02640
Уязвимость функции do_extuni_no_utf компонента pcre2_jit_compile.c библиотеки регулярных выражений PCRE2, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-02-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-20454
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://bugs.exim.org/show_bug.cgi?id=2421
- https://bugs.exim.org/show_bug.cgi?id=2421
- https://bugs.php.net/bug.php?id=78338
- https://bugs.php.net/bug.php?id=78338
- https://bugzilla.redhat.com/show_bug.cgi?id=1735494
- https://bugzilla.redhat.com/show_bug.cgi?id=1735494
- [debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update
- [debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update
- FEDORA-2020-b11cf352bd
- FEDORA-2020-b11cf352bd
- GLSA-202006-16
- GLSA-202006-16
- https://vcs.pcre.org/pcre2?view=revision&revision=1092
- https://vcs.pcre.org/pcre2?view=revision&revision=1092