system/pcre2: CVE-2019-20454: out-of-bounds read in do_extuni_no_utf
Bugzilla ID | 242 |
Alias(es) | CVE-2019-20454 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-03-03 17:35:40 -0600 |
Modified | 2020-03-29 02:26:44 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-20454 |
Description
An out-of-bounds read was discovered in PCRE before 10.34 when the
pattern \X is JIT compiled and used to match specially crafted
subjects in non-UTF mode. Applications that use PCRE to parse
untrusted input may be vulnerable to this flaw, which would allow an
attacker to crash the application. The flaw occurs in do_extuni_no_utf
in pcre2_jit_compile.c.
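
An added example, not code from this report or from the PCRE2 project: a guard an application could call before `pcre2_jit_compile()` so that a pattern meeting the conditions in the description (library before 10.34, `\X` in the pattern, non-UTF mode) runs in the interpreter instead of the JIT. The function names are hypothetical, and the version string is assumed to be in the form returned by `pcre2_config(PCRE2_CONFIG_VERSION, ...)`, for example "10.33 2019-04-16". It is also assumed that the version number reflects whether the fix is present, so a distribution package with a backported patch is still reported as affected.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* First release the description treats as not affected ("before 10.34"). */
#define FIXED_MAJOR 10
#define FIXED_MINOR 34

/* Parse "MAJOR.MINOR[ date]" and report whether it is older than 10.34.
 * An unparseable string counts as affected so the caller fails safe. */
bool version_before_fix(const char *version)
{
    int major, minor;

    if (version == NULL || sscanf(version, "%d.%d", &major, &minor) != 2)
        return true;
    return major < FIXED_MAJOR ||
           (major == FIXED_MAJOR && minor < FIXED_MINOR);
}

/* True if the pattern contains the escape \X. Each backslash consumes the
 * character after it, so "\\X" (escaped backslash, literal X) is not a hit.
 * \Q...\E quoting is not interpreted: a quoted \X is reported too, which
 * only errs towards skipping the JIT. */
bool pattern_uses_extuni(const char *pattern, size_t len)
{
    for (size_t i = 0; i + 1 < len; i++) {
        if (pattern[i] != '\\')
            continue;
        if (pattern[i + 1] == 'X')
            return true;
        i++; /* skip the escaped character */
    }
    return false;
}

/* Hypothetical gate: true when all conditions from the description hold
 * and the pattern should be left to the interpreter. */
bool should_skip_jit(const char *version, const char *pattern, size_t len,
                     bool utf_mode)
{
    return version_before_fix(version) && !utf_mode &&
           pattern_uses_extuni(pattern, len);
}
```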