Security Advisories (1)
CVE-2019-20454 (2020-02-14)

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.

Changes for version 2.0.10 - 2017-05-12

  • Jean-Damien Durand <jeandamiendurand@free.fr>
    • src/marpaESLIF.c: better traces, fixed comment saying that // is never regonizeed as a valid regexp [ci skip]
    • Case of empty strings, this is generating an empty PCRE2 pattern [ci skip]
    • Use memcmp() for explicit strings without modifiers [ci skip]
    • BNF/README.pod: :discard[on] and :discard[off] correctness [ci skip]

Modules

ESLIF is Extended ScanLess InterFace
ESLIF Event Types
ESLIF Logger levels
ESLIF Value Types