{"id":"ALSA-2021:4373","summary":"Low: pcre security update","details":"PCRE is a Perl-compatible regular expression library. \n\nSecurity Fix(es):\n\n* pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1 (CVE-2019-20838)\n\n* pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-02-04T02:28:43.717625Z","published":"2021-11-09T09:12:45Z","related":["CVE-2019-20838","CVE-2020-14155"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2021-4373.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-20838"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-14155"}],"affected":[{"package":{"name":"pcre","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pcre"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.42-6.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4373.json"}},{"package":{"name":"pcre-cpp","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pcre-cpp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.42-6.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4373.json"}},{"package":{"name":"pcre-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pcre-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.42-6.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4373.json"}},{"package":{"name":"pcre-static","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pcre-static"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.42-6.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4373.json"}},{"package":{"name":"pcre-utf16","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pcre-utf16"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.42-6.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4373.json"}},{"package":{"name":"pcre-utf32","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pcre-utf32"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.42-6.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4373.json"}}],"schema_version":"1.7.3"}