CVE-2019-20454 - An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and us

CVE-2019-20454

Summary

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

References

Vulnerable Configurations

cpe:2.3:a:pcre:pcre2:10.31:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre2:10.31:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre2:10.32:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre2:10.32:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre2:10.33:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre2:10.33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.2:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.2:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.3:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.3:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.5:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.0.5:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.6:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.6:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.7:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.7:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.8:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.8:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.9:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.9:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.10:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.10:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.11:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:8.2.11:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 27-03-2024 - 16:05)
Impact:
Exploitability:

CWE

CWE-125

CAPEC

Infiltration of Hardware Development Environment
An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.
Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1822698
title	Add pcre2-tools package to CodeReady Builder repository

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND
comment pcre2 is earlier than 0:10.32-2.el8
oval oval:com.redhat.rhsa:tst:20204539001
comment pcre2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204539002

AND

comment pcre2-debugsource is earlier than 0:10.32-2.el8
oval oval:com.redhat.rhsa:tst:20204539003
comment pcre2-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204539004

AND
comment pcre2-devel is earlier than 0:10.32-2.el8
oval oval:com.redhat.rhsa:tst:20204539005
comment pcre2-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204539006
AND
comment pcre2-tools is earlier than 0:10.32-2.el8
oval oval:com.redhat.rhsa:tst:20204539007
comment pcre2-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204539008
AND
comment pcre2-utf16 is earlier than 0:10.32-2.el8
oval oval:com.redhat.rhsa:tst:20204539009
comment pcre2-utf16 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204539010
AND
comment pcre2-utf32 is earlier than 0:10.32-2.el8
oval oval:com.redhat.rhsa:tst:20204539011
comment pcre2-utf32 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204539012

rhsa

id	RHSA-2020:4539
released	2020-11-04
severity	Moderate
title	RHSA-2020:4539: pcre2 security and enhancement update (Moderate)

rpms

apcu-panel-0:5.1.17-1.module+el8.1.0+3189+a1bff096
libzip-0:1.5.2-1.module+el8.1.0+3189+a1bff096
libzip-debuginfo-0:1.5.2-1.module+el8.1.0+3189+a1bff096
libzip-debugsource-0:1.5.2-1.module+el8.1.0+3189+a1bff096
libzip-devel-0:1.5.2-1.module+el8.1.0+3189+a1bff096
libzip-tools-0:1.5.2-1.module+el8.1.0+3189+a1bff096
libzip-tools-debuginfo-0:1.5.2-1.module+el8.1.0+3189+a1bff096
php-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-bcmath-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-bcmath-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-cli-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-cli-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-common-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-common-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-dba-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-dba-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-dbg-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-dbg-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-debugsource-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-devel-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-embedded-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-embedded-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-enchant-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-enchant-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-fpm-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-fpm-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-gd-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-gd-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-gmp-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-gmp-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-intl-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-intl-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-json-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-json-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-ldap-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-ldap-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-mbstring-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-mbstring-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-mysqlnd-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-mysqlnd-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-odbc-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-odbc-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-opcache-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-opcache-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-pdo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-pdo-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-pear-1:1.10.9-1.module+el8.1.0+3189+a1bff096
php-pecl-apcu-0:5.1.17-1.module+el8.1.0+3189+a1bff096
php-pecl-apcu-debuginfo-0:5.1.17-1.module+el8.1.0+3189+a1bff096
php-pecl-apcu-debugsource-0:5.1.17-1.module+el8.1.0+3189+a1bff096
php-pecl-apcu-devel-0:5.1.17-1.module+el8.1.0+3189+a1bff096
php-pecl-rrd-0:2.0.1-1.module+el8.2.0+4968+1d5097db
php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.2.0+4968+1d5097db
php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.2.0+4968+1d5097db
php-pecl-xdebug-0:2.8.0-1.module+el8.2.0+4968+1d5097db
php-pecl-xdebug-debuginfo-0:2.8.0-1.module+el8.2.0+4968+1d5097db
php-pecl-xdebug-debugsource-0:2.8.0-1.module+el8.2.0+4968+1d5097db
php-pecl-zip-0:1.15.4-1.module+el8.1.0+3189+a1bff096
php-pecl-zip-debuginfo-0:1.15.4-1.module+el8.1.0+3189+a1bff096
php-pecl-zip-debugsource-0:1.15.4-1.module+el8.1.0+3189+a1bff096
php-pgsql-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-pgsql-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-process-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-process-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-recode-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-recode-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-snmp-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-snmp-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-soap-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-soap-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-xml-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-xml-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-xmlrpc-0:7.3.20-1.module+el8.2.0+7373+b272fdef
php-xmlrpc-debuginfo-0:7.3.20-1.module+el8.2.0+7373+b272fdef
pcre2-0:10.32-2.el8
pcre2-debuginfo-0:10.32-2.el8
pcre2-debugsource-0:10.32-2.el8
pcre2-devel-0:10.32-2.el8
pcre2-tools-0:10.32-2.el8
pcre2-tools-debuginfo-0:10.32-2.el8
pcre2-utf16-0:10.32-2.el8
pcre2-utf16-debuginfo-0:10.32-2.el8
pcre2-utf32-0:10.32-2.el8
pcre2-utf32-debuginfo-0:10.32-2.el8

refmap via4

fedora	FEDORA-2020-b11cf352bd
gentoo	GLSA-202006-16
misc	https://bugs.exim.org/show_bug.cgi?id=2421 https://bugs.php.net/bug.php?id=78338 https://bugzilla.redhat.com/show_bug.cgi?id=1735494 https://vcs.pcre.org/pcre2?view=revision&revision=1092

Last major update

27-03-2024 - 16:05

Published

14-02-2020 - 14:15

Last modified

27-03-2024 - 16:05