{"id":"JLSEC-2026-176","details":"libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.","modified":"2026-04-22T20:39:54.468620Z","published":"2026-04-22T20:20:10.334Z","upstream":["CVE-2019-20838"],"database_specific":{"sources":[{"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20838","id":"CVE-2019-20838","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-20838","published":"2020-06-15T17:15:09.683Z","imported":"2026-04-22T18:38:35.548Z","database_specific":{"status":"Modified"},"modified":"2024-11-21T04:39:29.857Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://seclists.org/fulldisclosure/2020/Dec/32"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2020/Dec/32"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2021/Feb/14"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2021/Feb/14"},{"type":"WEB","url":"https://bugs.gentoo.org/717920"},{"type":"WEB","url":"https://bugs.gentoo.org/717920"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"},{"type":"WEB","url":"https://support.apple.com/kb/HT211931"},{"type":"WEB","url":"https://support.apple.com/kb/HT211931"},{"type":"WEB","url":"https://support.apple.com/kb/HT212147"},{"type":"WEB","url":"https://support.apple.com/kb/HT212147"},{"type":"WEB","url":"https://www.pcre.org/original/changelog.txt"},{"type":"WEB","url":"https://www.pcre.org/original/changelog.txt"}],"affected":[{"package":{"name":"PCRE_jll","ecosystem":"Julia","purl":"pkg:julia/PCRE_jll?uuid=2f80f16e-611a-54ab-bc61-aa92de5b98fc"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"8.44.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-176.json"}}],"schema_version":"1.7.5"}