CVE-2019-20838

Published: Jun 15, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Affected (5)

Products: Pcre: Pcre · Apple: Macos · Splunk: Universal Forwarder

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pcre Pcre	Before 8.43

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 11.0.1

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Splunk Universal Forwarder	From 8.2.0 to 8.2.12
Splunk Universal Forwarder	From 9.0.0 to 9.0.6
Splunk Universal Forwarder	Version 9.1.0

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (14)

http://seclists.org/fulldisclosure/2020/Dec/32

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Feb/14

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.gentoo.org/717920

Source: cve@mitre.org

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://support.apple.com/kb/HT211931

Source: cve@mitre.org

Vendor Advisory

https://support.apple.com/kb/HT212147

Source: cve@mitre.org

Vendor Advisory

https://www.pcre.org/original/changelog.txt

Source: cve@mitre.org

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2020/Dec/32