{"id":"USN-5425-1","summary":"pcre3 vulnerabilities","details":"Yunho Kim discovered that PCRE incorrectly handled memory when \nhandling certain regular expressions. An attacker could possibly use\nthis issue to cause applications using PCRE to expose sensitive\ninformation. This issue only affects Ubuntu 18.04 LTS, \nUbuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838)\n\nIt was discovered that PCRE incorrectly handled memory when \nhandling certain regular expressions. An attacker could possibly use\nthis issue to cause applications using PCRE to have unexpected \nbehavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,\nUbuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155)\n","modified":"2026-05-20T16:03:13.849614116Z","published":"2022-05-17T15:31:52Z","related":["UBUNTU-CVE-2019-20838","UBUNTU-CVE-2020-14155"],"upstream":["CVE-2019-20838","CVE-2020-14155","UBUNTU-CVE-2019-20838","UBUNTU-CVE-2020-14155"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5425-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-20838"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14155"}],"affected":[{"package":{"name":"pcre3","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/pcre3?arch=source&distro=trusty%2Fesm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:8.31-2ubuntu2.3+esm1"}]}],"versions":["1:8.31-2","1:8.31-2ubuntu2","1:8.31-2ubuntu2.1","1:8.31-2ubuntu2.2","1:8.31-2ubuntu2.3"],"ecosystem_specific":{"binaries":[{"binary_name":"libpcre3","binary_version":"1:8.31-2ubuntu2.3+esm1"},{"binary_name":"libpcrecpp0","binary_version":"1:8.31-2ubuntu2.3+esm1"},{"binary_name":"pcregrep","binary_version":"1:8.31-2ubuntu2.3+esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2020-14155","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5425-1.json"}},{"package":{"name":"pcre3","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/pcre3?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.38-3.1ubuntu0.1~esm1"}]}],"versions":["2:8.35-7.1ubuntu1","2:8.38-1ubuntu1","2:8.38-3","2:8.38-3.1"],"ecosystem_specific":{"binaries":[{"binary_name":"pcregrep","binary_version":"2:8.38-3.1ubuntu0.1~esm1"},{"binary_name":"libpcre3","binary_version":"2:8.38-3.1ubuntu0.1~esm1"},{"binary_name":"libpcrecpp0v5","binary_version":"2:8.38-3.1ubuntu0.1~esm1"},{"binary_name":"libpcre16-3","binary_version":"2:8.38-3.1ubuntu0.1~esm1"},{"binary_name":"libpcre32-3","binary_version":"2:8.38-3.1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5425-1.json"}},{"package":{"name":"pcre3","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/pcre3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.39-9ubuntu0.1"}]}],"versions":["2:8.39-5ubuntu3","2:8.39-8","2:8.39-9"],"ecosystem_specific":{"binaries":[{"binary_name":"libpcre16-3","binary_version":"2:8.39-9ubuntu0.1"},{"binary_name":"libpcre3","binary_version":"2:8.39-9ubuntu0.1"},{"binary_name":"libpcre32-3","binary_version":"2:8.39-9ubuntu0.1"},{"binary_name":"libpcrecpp0v5","binary_version":"2:8.39-9ubuntu0.1"},{"binary_name":"pcregrep","binary_version":"2:8.39-9ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2019-20838","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-14155","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5425-1.json"}},{"package":{"name":"pcre3","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/pcre3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.39-12ubuntu0.1"}]}],"versions":["2:8.39-12","2:8.39-12build1"],"ecosystem_specific":{"binaries":[{"binary_name":"libpcre16-3","binary_version":"2:8.39-12ubuntu0.1"},{"binary_name":"libpcre3","binary_version":"2:8.39-12ubuntu0.1"},{"binary_name":"libpcre32-3","binary_version":"2:8.39-12ubuntu0.1"},{"binary_name":"libpcrecpp0v5","binary_version":"2:8.39-12ubuntu0.1"},{"binary_name":"pcregrep","binary_version":"2:8.39-12ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2019-20838","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-14155","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5425-1.json"}},{"package":{"name":"pcre3","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/pcre3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.39-13ubuntu0.22.04.1"}]}],"versions":["2:8.39-13build3","2:8.39-13build4","2:8.39-13build5"],"ecosystem_specific":{"binaries":[{"binary_name":"libpcre16-3","binary_version":"2:8.39-13ubuntu0.22.04.1"},{"binary_name":"libpcre3","binary_version":"2:8.39-13ubuntu0.22.04.1"},{"binary_name":"libpcre32-3","binary_version":"2:8.39-13ubuntu0.22.04.1"},{"binary_name":"libpcrecpp0v5","binary_version":"2:8.39-13ubuntu0.22.04.1"},{"binary_name":"pcregrep","binary_version":"2:8.39-13ubuntu0.22.04.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2019-20838","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5425-1.json"}}],"schema_version":"1.7.5"}