An out-of-bounds read exists in PCRE prior to 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an malicious user to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pcre pcre2 |
||
fedoraproject fedora 31 |
||
splunk universal forwarder 9.1.0 |
||
splunk universal forwarder |