
CVE-2019-20838

Published: 15 June 2020

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: pcre3 (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (2:8.39-9ubuntu0.1)
eoan       Ignored (reached end-of-life)
focal      Released (2:8.39-12ubuntu0.1)
groovy     Ignored (reached end-of-life)
hirsute    Ignored (reached end-of-life)
impish     Released (2:8.39-13ubuntu0.21.10.1)
jammy      Released (2:8.39-13ubuntu0.22.04.1)
kinetic    Needed
precise    Ignored (end of ESM support, was needed)
trusty     Not vulnerable (code not present)
upstream   Released (8.43)
xenial     Not vulnerable (code not present)

Patches:
upstream: https://vcs.pcre.org/pcre?view=revision&revision=1740