CVE-2019-20454
First published: Sun Jul 28 2019(Updated: )
A flaw was found in libpcre. A buffer overread in JIT mode when \X is used in non-UTF mode may cause application crash and denial of service. The flaw is in function do_extuni_no_utf() in pcre2_jit_compile.c, which uses the macro GETCHARINC to read a character. However, in case there is an invalid UTF character the value read is too big, which causes an out-of-bounds read in the next statement, while executing macro UCD_GRAPHBREAK. References: <a href="https://bugs.exim.org/show_bug.cgi?id=2421">https://bugs.exim.org/show_bug.cgi?id=2421</a> <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=1734468">https://bugzilla.redhat.com/show_bug.cgi?id=1734468</a> Upstream patch: <a href="http://git.php.net/?p=php-src.git;a=commitdiff;h=8947fd9e9fdce87cd6c59817b1db58e789538fe9">http://git.php.net/?p=php-src.git;a=commitdiff;h=8947fd9e9fdce87cd6c59817b1db58e789538fe9</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/pcre2 | <0:10.32-2.el8 | 0:10.32-2.el8 |
| Pcre Pcre2 | >=10.31<10.34 | |
| Fedoraproject Fedora | =31 | |
| redhat/pcre | <10.34 | 10.34 |
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-20454 https://nvd.nist.gov/vuln/detail/CVE-2019-20454
- https://bugzilla.redhat.com/show_bug.cgi?id=1735494
- https://access.redhat.com/errata/RHSA-2020:3662
- https://access.redhat.com/errata/RHSA-2020:4539
- https://access.redhat.com/security/cve/CVE-2019-20454
- https://bugs.exim.org/show_bug.cgi?id=2421
- https://bugs.php.net/bug.php?id=78338
- https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/
- https://security.gentoo.org/glsa/202006-16
- https://vcs.pcre.org/pcre2?view=revision&revision=1092
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1734468
- http://git.php.net/?p=php-src.git;a=commitdiff;h=8947fd9e9fdce87cd6c59817b1db58e789538fe9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1735494#c0
- http://git.php.net/?p=php-src.git;a=commitdiff
- https://vcs.pcre.org/pcre2?view=revision&revision=1091
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1803178
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1803179
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1803177
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1803181
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1803176
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1803180
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1735494#c11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1735494#c14
- https://access.redhat.com/security/cve/cve-2019-20454
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/
Frequently Asked Questions
What is CVE-2019-20454?
CVE-2019-20454 is an out-of-bounds read vulnerability in PCRE that can lead to application crashes.
How does CVE-2019-20454 affect PCRE?
CVE-2019-20454 affects PCRE versions before 10.34 when the \X pattern is JIT compiled and used to match specially crafted subjects in non-UTF mode.
What is the severity of CVE-2019-20454?
CVE-2019-20454 has a severity rating of 7.5 (high).
How can CVE-2019-20454 be exploited?
CVE-2019-20454 can be exploited by an attacker using specially crafted subjects to crash applications that use PCRE for parsing untrusted input.
Is there a fix for CVE-2019-20454?
Yes, PCRE version 10.34 or higher includes a fix for CVE-2019-20454.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-20454
- agent/software-canonical-lookup
- agent/event
- collector/nvd-api
- source/NVD
- agent/references
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/pcre
- canonical/pcre pcre2
- version/pcre pcre2/10.31
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0