CVE-2019-20838
First published: Mon Jun 15 2020(Updated: )
PCRE. Multiple issues were addressed by updating to version 8.44.
Credit: cve@mitre.org CVE-2019-20838 CVE-2020-14155 CVE-2019-20838 CVE-2020-14155 cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM QRadar SIEM | <=7.5.0 GA | |
| IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
| IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 | |
| Pcre Pcre | <8.43 | |
| Apple macOS | <11.0.1 | |
| Apple macOS Big Sur | <11.2 | 11.2 |
| Apple Catalina | ||
| Apple Mojave | ||
| Apple macOS Big Sur | <11.0.1 | 11.0.1 |
| redhat/pcre | <8.43 | 8.43 |
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/185645
- https://www.ibm.com/support/pages/node/6574787 (Advisory)
- http://seclists.org/fulldisclosure/2020/Dec/32
- http://seclists.org/fulldisclosure/2021/Feb/14
- https://bugs.gentoo.org/717920
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://support.apple.com/kb/HT211931
- https://support.apple.com/kb/HT212147
- https://www.pcre.org/original/changelog.txt
- https://support.apple.com/en-us/HT212147 (Advisory)
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://access.redhat.com/security/cve/CVE-2019-20454
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1848446
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1848445
- https://vcs.pcre.org/pcre?view=revision&revision=1740
- https://bugs.exim.org/show_bug.cgi?id=2320
- https://access.redhat.com/errata/RHSA-2021:4373
- https://access.redhat.com/errata/RHSA-2021:4613
- https://access.redhat.com/errata/RHSA-2021:4614
- https://bugzilla.redhat.com/show_bug.cgi?id=1848444
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1761
- CVE-2021-1797
- CVE-2020-27945
- CVE-2021-1760
- CVE-2021-1747
- CVE-2021-1776
- CVE-2021-1759
- CVE-2021-1772
- CVE-2021-1792
- CVE-2021-1787
- CVE-2021-1786
- CVE-2020-27937
- CVE-2021-1802
- CVE-2021-1791
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29608
- CVE-2021-1758
- CVE-2021-1783
- CVE-2021-1741
- CVE-2021-1743
- CVE-2021-1773
- CVE-2021-1778
- CVE-2021-1736
- CVE-2021-1785
- CVE-2021-1766
- CVE-2021-1818
- CVE-2021-1742
- CVE-2021-1746
- CVE-2021-1754
- CVE-2021-1774
- CVE-2021-1777
- CVE-2021-1793
- CVE-2021-1737
- CVE-2021-1738
- CVE-2021-1744
- CVE-2021-1779
- CVE-2021-1757
- CVE-2020-27904
- CVE-2021-1764
- CVE-2021-1782
- CVE-2021-1750
- CVE-2020-29633
- CVE-2021-1781
- CVE-2021-1771
- CVE-2021-1762
- CVE-2020-29614
- CVE-2021-1763
- CVE-2021-1767
- CVE-2021-1745
- CVE-2021-1753
- CVE-2021-1768
- CVE-2021-1751
- CVE-2020-25709
- CVE-2020-27938
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-15358
- CVE-2021-1769
- CVE-2021-1788
- CVE-2021-1765
- CVE-2021-1801
- CVE-2021-1789
- CVE-2021-1871
- CVE-2021-1870
- CVE-2021-1799
- CVE-2021-30869
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27903
- CVE-2020-27910
- CVE-2020-27916
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27906
- CVE-2020-27908
- CVE-2020-27909
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-27922
- CVE-2020-9999
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-10002
- CVE-2020-9978
- CVE-2020-9955
- CVE-2020-27924
- CVE-2020-27912
- CVE-2020-27923
- CVE-2020-9876
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-27919
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-27932
- CVE-2020-27917
- CVE-2020-27920
- CVE-2020-27911
- CVE-2020-9971
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-9996
- CVE-2020-27901
- CVE-2020-27900
- CVE-2020-10007
- CVE-2020-27896
- CVE-2020-9963
- CVE-2020-10012
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-9849
- CVE-2020-13631
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-27899
- CVE-2020-10009
- CVE-2020-10008
- CVE-2020-27918
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-27898
- CVE-2020-27935
- CVE-2020-10006
Frequently Asked Questions
What is CVE-2019-20838?
CVE-2019-20838 is a vulnerability in PCRE that can be exploited by a remote attacker to cause a denial of service by crashing the application.
What is the severity of CVE-2019-20838?
The severity of CVE-2019-20838 is high with a CVSS score of 7.5.
Which software versions are affected by CVE-2019-20838?
PCRE version 8.43 and earlier, Apple macOS Big Sur up to 11.2, Apple Catalina, Apple Mojave, IBM QRadar SIEM up to 7.5.0 GA, and IBM QRadar Vulnerability Manager up to 7.3.3 GA are affected by CVE-2019-20838.
How can I fix CVE-2019-20838?
Update to PCRE version 8.44, macOS Big Sur 11.0.1 or later, IBM QRadar SIEM 7.5.0 GA or later, or IBM QRadar Vulnerability Manager 7.3.3 GA or later to fix CVE-2019-20838.
Where can I find more information about CVE-2019-20838?
You can find more information about CVE-2019-20838 on the following references: [Apple Support](https://support.apple.com/en-us/HT212147), [Red Hat Security](https://access.redhat.com/security/cve/CVE-2019-20454), and [Gentoo Bugs](https://bugs.gentoo.org/717920).
- collector/ibm-support
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/apple-support
- alias/CVE-2020-14155
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-20838
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5.0 ga
- version/ibm qradar siem/7.4.3 ga - 7.4.3 fp4
- version/ibm qradar siem/7.3.3 ga - 7.3.3 fp10
- vendor/pcre
- canonical/pcre pcre
- vendor/apple
- canonical/apple macos
- canonical/apple macos big sur
- canonical/apple catalina
- canonical/apple mojave
- package-manager/redhat
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0