Bug 1848444 (CVE-2019-20838) - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
Summary: CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-20838
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1848445 1848446 1852252 1980114
Blocks: 1848447
TreeView+ depends on / blocked
 
Reported: 2020-06-18 11:26 UTC by Dhananjay Arunesh
Modified: 2021-11-10 17:18 UTC (History)
19 users (show)

Fixed In Version: pcre 8.43
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-02 17:06:12 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:4373 0 None None None 2021-11-09 18:29:13 UTC
Red Hat Product Errata RHSA-2021:4613 0 None None None 2021-11-10 17:14:19 UTC
Red Hat Product Errata RHSA-2021:4614 0 None None None 2021-11-10 17:18:12 UTC

Description Dhananjay Arunesh 2020-06-18 11:26:43 UTC
A vulnerability was found in libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

References:
https://bugs.gentoo.org/717920
https://www.pcre.org/original/changelog.txt

Comment 1 Dhananjay Arunesh 2020-06-18 11:27:24 UTC
Created mingw-pcre tracking bugs for this issue:

Affects: fedora-all [bug 1848446]


Created pcre tracking bugs for this issue:

Affects: fedora-all [bug 1848445]

Comment 2 Petr Pisar 2020-06-18 13:03:37 UTC
Upstream fix <https://vcs.pcre.org/pcre?view=revision&revision=1740>.

Comment 4 Todd Cullum 2020-06-29 22:22:54 UTC
The flaw is in the file pcre_jit_compile.c routine, compile_iterator_matchingpath(). The affected code is not in versions of pcre shipped with Red Hat Enterprise Linux 5, 6, or 7.

Comment 10 Todd Cullum 2020-07-09 17:38:10 UTC
Upstream bug report for this is: https://bugs.exim.org/show_bug.cgi?id=2320

Comment 11 Todd Cullum 2020-07-09 18:04:28 UTC
Mitigation:

Do not use more than one fixed quantifier with \R or \X with UTF disabled in PCRE or PCRE2, as these are the conditions needed to trigger the flaw.

Comment 15 errata-xmlrpc 2021-11-09 18:29:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4373 https://access.redhat.com/errata/RHSA-2021:4373

Comment 16 errata-xmlrpc 2021-11-10 17:14:17 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2021:4613 https://access.redhat.com/errata/RHSA-2021:4613

Comment 17 errata-xmlrpc 2021-11-10 17:18:10 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2021:4614 https://access.redhat.com/errata/RHSA-2021:4614


Note You need to log in before you can comment on or make changes to this bug.