- Snyk ID SNYK-UBUNTU1804-PCRE2-548921
- published 14 Feb 2020
- disclosed 14 Feb 2020
How to fix?
There is no fixed version for
Note: Versions mentioned in the description apply only to the upstream pcre2 package and not the pcre2 package as distributed by
How to fix? for Ubuntu:18.04 relevant fixed versions and status.
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
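Since no fixed package is listed, one mitigation is to keep the affected pattern type away from the JIT compiler. The C sketch below is an added example, not code from PCRE2 or from this advisory: it encodes the three conditions in the description (upstream version before 10.34, an active \X escape, non-UTF mode) and reports whether a pattern should be JIT compiled. The helper names and sample strings are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* True if an upstream version string, in the form filled in by
 * pcre2_config(PCRE2_CONFIG_VERSION, buf), is older than 10.34.
 * Strings that do not parse are treated as affected. */
bool version_before_10_34(const char *ver) {
    int major = 0, minor = 0;
    if (sscanf(ver, "%d.%d", &major, &minor) != 2)
        return true;
    return major < 10 || (major == 10 && minor < 34);
}

/* True if the pattern contains an active \X escape. An escaped backslash
 * ("\\X" in the pattern) and text inside \Q...\E are literals and skipped.
 * Conservative: \X in a comment or after \c is still reported. */
bool pattern_uses_extuni(const char *pat) {
    bool quoted = false;
    for (size_t i = 0; pat[i] != '\0'; i++) {
        if (pat[i] != '\\' || pat[i + 1] == '\0')
            continue;
        char next = pat[i + 1];
        if (quoted) {               /* only \E is special inside \Q...\E */
            if (next == 'E') { quoted = false; i++; }
            continue;
        }
        if (next == 'X')
            return true;
        if (next == 'Q')
            quoted = true;
        i++;                        /* consume the escaped character */
    }
    return false;
}

/* Hypothetical policy helper: false means skip pcre2_jit_compile() for this
 * pattern and let pcre2_match() use the interpreter. utf_mode is true when
 * the pattern is compiled with PCRE2_UTF. */
bool jit_allowed(const char *ver, const char *pat, bool utf_mode) {
    return !version_before_10_34(ver) || utf_mode || !pattern_uses_extuni(pat);
}

int main(void) {
    /* Constructed samples; the version string is illustrative. */
    const char *pats[] = { "^\\X+$", "a\\\\Xb", "\\Q\\X\\E", "\\d+" };
    for (size_t i = 0; i < sizeof pats / sizeof pats[0]; i++)
        printf("%s -> %d\n", pats[i], jit_allowed("10.31 2018-02-12", pats[i], false));
    return 0;
}
```

The version check compares upstream version numbers only, so it does not account for fixes a distribution may backport under an older version string.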