Security
Security
A vulnerability in PCRE2 could lead to a Denial of Service condition.
| Package | net-libs/pcre2 on all architectures |
|---|---|
| Affected versions | < 10.34 |
| Unaffected versions | >= 10.34 |
PCRE2 is a project based on PCRE (Perl Compatible Regular Expressions) which has a new and revised API.
PCRE2 has a flaw when handling JIT-compiled regex using the \X pattern.
An attacker could cause a possible Denial of Service condition.
There is no known workaround at this time.
All PCRE2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/pcre2-10.34"
Release date
June 15, 2020
Latest revision
June 15, 2020: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries