CVE Catalog
CVE-2019-20838
LowSummary
A vulnerability in PCRE before version 8.43 allows a subject buffer over-read in JIT when UTF is disabled and \X or \R has more than one fixed quantifier, related to CVE-2019-20454.
Risk Assessment
An attacker could exploit this vulnerability to read data beyond the allocated buffer, potentially leading to disclosure of sensitive information or system instability.
Recommendation
Update PCRE to version 8.43 or later. If updating is not possible, disable JIT mode or avoid patterns with multiple fixed quantifiers for \X and \R.
Original NVD description (English source)
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

