Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia: 2020-0305 Moderate: PCRE JIT Compilation Application Crash

mageia
Calendar Grey July 31, 2020
Dist Mageia Esm H88
The recent Mageia patch for OpenSSL resolves a critical buffer overflow vulnerability, essential for ensuring system integrity.
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode

Summary

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. (CVE-2019-20454)

References

- https://bugs.mageia.org/show_bug.cgi?id=26932

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/

- https://www.cve.org/CVERecord?id=CVE-2019-20454

Topics%20covered

Topics Covered

security advisory security update application crash out-of-bounds PCRE Mageia JIT compilation

Resolution

SRPMS

- 7/core/pcre2-10.33-1.2.mga7

Publication date: 31 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0305.html
Type: security
CVE: CVE-2019-20454

Topics%20covered

Topics Covered

security advisory security update application crash out-of-bounds PCRE Mageia JIT compilation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here