Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oniguruma project vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-19246
Oniguruma up to and including 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
Oniguruma Project Oniguruma
Php Php
Fedoraproject Fedora 31
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
5
CVSSv2
CVE-2019-19204
An issue exists in Oniguruma 6.x prior to 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Debian Debian Linux 8.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
5
CVSSv2
CVE-2019-19203
An issue exists in Oniguruma 6.x prior to 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
7.5
CVSSv2
CVE-2019-19012
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x prior to 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a...
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Debian Debian Linux 8.0
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 31
1 Github repository
5
CVSSv2
CVE-2019-16163
Oniguruma prior to 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
Oniguruma Project Oniguruma
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
7.5
CVSSv2
CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows malicious users to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a ...
Oniguruma Project Oniguruma 6.9.2
Php Php
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
4.3
CVSSv2
CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows malicious users to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
Oniguruma Project Oniguruma 6.9.2
Fedoraproject Fedora 29
Fedoraproject Fedora 30
7.5
CVSSv2
CVE-2017-9225
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFF...
Oniguruma Project Oniguruma 6.2.0
Php Php
Ruby-lang Ruby
7.5
CVSSv2
CVE-2017-9224
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and acc...
Oniguruma Project Oniguruma 6.2.0
Php Php
7.5
CVSSv2
CVE-2017-9227
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search...
Oniguruma Project Oniguruma 6.2.0
Php Php
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »