CVE-2019-20838

HIGH7.5EPSS 0.23%

Published: 6/15/2020Modified: 4/28/2026

Also known as:DEBIAN-CVE-2019-20838

Description

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Affected packages (1)

Debian/pcre3from 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-20838