CVE Catalog

CVE-2019-20838

Low
Published: Translated: NVD NIST

Summary

A vulnerability in PCRE before version 8.43 allows a subject buffer over-read in JIT when UTF is disabled and \X or \R has more than one fixed quantifier, related to CVE-2019-20454.

Risk Assessment

An attacker could exploit this vulnerability to read data beyond the allocated buffer, potentially leading to disclosure of sensitive information or system instability.

Recommendation

Update PCRE to version 8.43 or later. If updating is not possible, disable JIT mode or avoid patterns with multiple fixed quantifiers for \X and \R.

Original NVD description (English source)

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS