Bug 1848444 (CVE-2019-20838) - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
Summary: CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-20838
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1848445 1848446 1852252 1980114
Blocks: 1848447
Reported: 2020-06-18 11:26 UTC by Dhananjay Arunesh
Modified: 2021-11-10 17:18 UTC (History)
19 users

Fixed In Version: pcre 8.43
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-02 17:06:12 UTC


Links
System                   ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata   RHSA-2021:4373  0        None      None    None     2021-11-09 18:29:13 UTC
Red Hat Product Errata   RHSA-2021:4613  0        None      None    None     2021-11-10 17:14:19 UTC
Red Hat Product Errata   RHSA-2021:4614  0        None      None    None     2021-11-10 17:18:12 UTC

Description Dhananjay Arunesh 2020-06-18 11:26:43 UTC
A vulnerability was found in libpcre: PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

References:
https://bugs.gentoo.org/717920
https://www.pcre.org/original/changelog.txt

Comment 1 Dhananjay Arunesh 2020-06-18 11:27:24 UTC
Created mingw-pcre tracking bugs for this issue:

Affects: fedora-all [bug 1848446]


Created pcre tracking bugs for this issue:

Affects: fedora-all [bug 1848445]

Comment 2 Petr Pisar 2020-06-18 13:03:37 UTC
Upstream fix <https://vcs.pcre.org/pcre?view=revision&revision=1740>.

Comment 4 Todd Cullum 2020-06-29 22:22:54 UTC
The flaw is in the file pcre_jit_compile.c, routine compile_iterator_matchingpath(). The affected code is not in versions of pcre shipped with Red Hat Enterprise Linux 5, 6, or 7.

Comment 10 Todd Cullum 2020-07-09 17:38:10 UTC
Upstream bug report for this is: https://bugs.exim.org/show_bug.cgi?id=2320

Comment 11 Todd Cullum 2020-07-09 18:04:28 UTC
Mitigation:

Do not use more than one fixed quantifier with \R or \X with UTF disabled in PCRE or PCRE2, as these are the conditions needed to trigger the flaw.

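A pattern-screening check in the spirit of this mitigation, added here as an example that is not part of the bug report or of PCRE itself: it scans a pattern string for \X or \R followed by a {n}, {n,} or {n,m} quantifier with n greater than 1 while UTF is disabled, so an application can route such patterns to the interpreter instead of JIT until the fixed library is deployed. Treating any quantifier minimum above 1 as a match is a conservative assumption that goes beyond the exact {n} case the bug title names; the function and parameter names are my own.

```python
import re

# PCRE brace quantifier forms that can follow an item: {n}, {n,}, {n,m}
_QUANT = re.compile(r"\{(\d+)(?:,(\d*))?\}")


def find_risky_repeats(pattern, utf_enabled):
    """Return [(escape, index, quantifier)] for every \\X or \\R that carries
    a brace quantifier whose minimum is > 1, when UTF mode is off.
    With UTF enabled the reported condition does not apply, so nothing is flagged."""
    hits = []
    if utf_enabled:
        return hits
    in_class = False  # inside [...] PCRE treats \X and \R as literal letters
    i, n = 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\" and i + 1 < n:
            esc = pattern[i + 1]
            if not in_class:
                if esc == "Q":  # \Q...\E quotes everything literally; skip it
                    end = pattern.find("\\E", i + 2)
                    i = n if end < 0 else end + 2
                    continue
                if esc in "XR":
                    m = _QUANT.match(pattern, i + 2)
                    if m and int(m.group(1)) > 1:
                        hits.append((esc, i, m.group(0)))
                        i = m.end()
                        continue
            i += 2  # skip the escaped character (covers \\ and \] as well)
            continue
        if c == "[" and not in_class:
            in_class = True
            i += 1
            if i < n and pattern[i] == "^":  # negated class
                i += 1
            if i < n and pattern[i] == "]":  # leading ] is literal in a class
                i += 1
            continue
        if c == "]" and in_class:
            in_class = False
        i += 1
    return hits


def jit_allowed(pattern, utf_enabled):
    """Policy helper: allow JIT compilation only when no risky repeat is present."""
    return not find_risky_repeats(pattern, utf_enabled)
```
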
Comment 15 errata-xmlrpc 2021-11-09 18:29:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4373 https://access.redhat.com/errata/RHSA-2021:4373

Comment 16 errata-xmlrpc 2021-11-10 17:14:17 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2021:4613 https://access.redhat.com/errata/RHSA-2021:4613

Comment 17 errata-xmlrpc 2021-11-10 17:18:10 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2021:4614 https://access.redhat.com/errata/RHSA-2021:4614
