Lucene search
PRIOn knowledge basePRION:CVE-2019-20454HistoryFeb 14, 2020 - 2:15 p.m.
Input validation
2020-02-1414:15:00
PRIOn knowledge base
www.prio-n.com
9
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
References
bugs.exim.org/show_bug.cgi?id=2421
bugs.php.net/bug.php?id=78338
bugzilla.redhat.com/show_bug.cgi?id=1735494
lists.debian.org/debian-lts-announce/2023/03/msg00014.html
lists.fedoraproject.org/archives/list/[email protected]/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/
security.gentoo.org/glsa/202006-16
vcs.pcre.org/pcre2?view=revision&revision=1092
Related
openvas
openvas
Huawei EulerOS: Security Advisory for pcre2 (EulerOS-SA-2020-1702)
2020-06-26 00:00:00
Fedora: Security Advisory for mingw-pcre2 (FEDORA-2020-b11cf352bd)
2020-07-12 00:00:00
Mageia: Security Advisory (MGASA-2020-0305)
2022-01-28 00:00:00
nessus
nessus
CentOS 8 : pcre2 (CESA-2020:4539)
2021-02-01 00:00:00
Rocky Linux 8 : pcre2 (RLSA-2020:4539)
2023-11-07 00:00:00
Fedora 31 : mingw-pcre2 (2020-b11cf352bd)
2020-07-09 00:00:00
almalinux
almalinux
Moderate: pcre2 security and enhancement update
2020-11-03 12:13:54
Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
osv
osv
Moderate: pcre2 security and enhancement update
2020-11-03 12:13:54
CVE-2019-20454
2020-02-14 14:15:10
Moderate: pcre2 security and enhancement update
2020-11-03 12:13:54
redhatcve
redhatcve
CVE-2019-20454
2020-02-14 14:37:56
CVE-2019-20838
2020-06-18 11:55:13
redhat
redhat
(RHSA-2020:4539) Moderate: pcre2 security and enhancement update
2020-11-03 12:13:54
(RHSA-2020:3662) Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
(RHSA-2021:0146) Moderate: Release of OpenShift Serverless 1.12.0
2021-01-14 13:24:22
cve
cve
CVE-2019-20454
2020-02-14 14:15:10
CVE-2019-20838
2020-06-15 17:15:09
rocky
rocky
pcre2 security and enhancement update
2020-11-03 12:13:54
php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
cvelist
cvelist
CVE-2019-20454
2020-02-14 00:00:00
CVE-2019-20838
2020-06-15 16:50:48
oraclelinux
oraclelinux
pcre2 security and enhancement update
2020-11-10 00:00:00
php:7.3 security, bug fix, and enhancement update
2020-09-09 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: mingw-pcre2-10.33-3.fc31
2020-07-09 01:07:27
veracode
veracode
Denial Of Service (DoS)
2020-11-05 03:19:20
ubuntucve
ubuntucve
CVE-2019-20454
2020-02-14 00:00:00
CVE-2019-20838
2020-06-15 00:00:00
nvd
nvd
CVE-2019-20454
2020-02-14 14:15:10
CVE-2019-20838
2020-06-15 17:15:09
mageia
mageia
Updated pcre2 packages fix security vulnerability
2020-08-01 02:25:42
debiancve
debiancve
CVE-2019-20454
2020-02-14 14:15:10
CVE-2019-20838
2020-06-15 17:15:09
gentoo
gentoo
PCRE2: Denial of service
2020-06-15 00:00:00
suse
suse
Security update for pcre2 (important)
2022-09-01 00:00:00
Security update for pcre2 (important)
2022-08-03 00:00:00
prion
prion
Design/Logic Flaw
2020-06-15 17:15:00
debian
debian
[SECURITY] [DLA 3363-1] pcre2 security update
2023-03-16 02:35:51
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
