CVE-2019-20838
CVE Details
Visit the official vulnerability details page for CVE-2019-20838 to learn more.
Initial Publication
11/13/2024
Last Update
12/12/2024
Third Party Dependency
libpcre3
NIST CVE Summary
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
CVE Severity
Our Official Summary
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled. The containers in which this vulnerability is reported do not allow execution of arbitrary code, and the vulnerability cannot be exploited through remote execution. Even so, the risk of exploitation is low because containers restrict the attack surface.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.4.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
12/12/2024 | Official summary added |