Unrated severityNVD Advisory· Published Jun 15, 2020· Updated Aug 5, 2024
CVE-2019-20838
CVE-2019-20838
Description
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
46- PCRE/libpcredescription
- osv-coords44 versionspkg:rpm/almalinux/pcrepkg:rpm/almalinux/pcre-cpppkg:rpm/almalinux/pcre-develpkg:rpm/almalinux/pcre-staticpkg:rpm/almalinux/pcre-utf16pkg:rpm/almalinux/pcre-utf32pkg:rpm/opensuse/pcre&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/pcre&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/pcre&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/pcre&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/pcre&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/pcre&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/pcre&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/pcre&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/selinux-policy&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/selinux-policy&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/selinux-policy&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/selinux-policy&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/selinux-policy&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/selinux-policy&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/selinux-policy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/selinux-policy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/selinux-policy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/selinux-policy&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/selinux-policy&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/selinux-policy&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/selinux-policy&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/selinux-policy&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 8.42-6.el8+ 43 more
- (no CPE)range: < 8.42-6.el8
- (no CPE)range: < 8.42-6.el8
- (no CPE)range: < 8.42-6.el8
- (no CPE)range: < 8.42-6.el8
- (no CPE)range: < 8.42-6.el8
- (no CPE)range: < 8.42-6.el8
- (no CPE)range: < 8.45-lp152.7.6.1
- (no CPE)range: < 8.45-20.10.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-20.10.1
- (no CPE)range: < 8.45-20.10.1
- (no CPE)range: < 8.45-20.10.1
- (no CPE)range: < 8.45-20.10.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 8.45-8.7.1
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
- (no CPE)range: < 20140730-36.5.2
Patches
Vulnerability mechanics
References
7- seclists.org/fulldisclosure/2020/Dec/32mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2021/Feb/14mitremailing-listx_refsource_FULLDISC
- bugs.gentoo.org/717920mitrex_refsource_MISC
- lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3Emitremailing-listx_refsource_MLIST
- support.apple.com/kb/HT211931mitrex_refsource_CONFIRM
- support.apple.com/kb/HT212147mitrex_refsource_CONFIRM
- www.pcre.org/original/changelog.txtmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.