An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-14T00:00:00
Updated: 2024-08-05T02:39:09.902Z
Reserved: 2020-02-14T00:00:00
Link: CVE-2019-20454
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-02-14T14:15:10.593
Modified: 2024-11-21T04:38:31.003
Link: CVE-2019-20454
Redhat