0.01 Low
EPSS
Percentile
83.9%
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Do not use more than one fixed quantifier with \R or \X with UTF disabled in PCRE or PCRE2, as these are the conditions needed to trigger the flaw.