CVE-2019-20454: Out-of-bounds Read

February 14, 2020 (updated July 9, 2020)

An out-of-bounds read was discovered in PCRE when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

References

nvd.nist.gov/vuln/detail/CVE-2019-20454

Detect and mitigate CVE-2019-20454 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →