An out-of-bounds read was discovered in PCRE before 10.34 when the pattern X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
Gentoo Linux Security Advisory 202006-16 - A vulnerability in PCRE2 could lead to a Denial of Service condition. Versions less than 10.34 are affected.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed