Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oniguruma project vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-19012
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x prior to 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a...
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Debian Debian Linux 8.0
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 31
1 Github repository
9.8
CVSSv3
CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows malicious users to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a ...
Oniguruma Project Oniguruma 6.9.2
Php Php
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
9.8
CVSSv3
CVE-2017-9224
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and acc...
Oniguruma Project Oniguruma 6.2.0
Php Php
9.8
CVSSv3
CVE-2017-9227
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search...
Oniguruma Project Oniguruma 6.2.0
Php Php
9.8
CVSSv3
CVE-2017-9228
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an inc...
Oniguruma Project Oniguruma 6.2.0
Php Php
9.8
CVSSv3
CVE-2017-9225
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFF...
Oniguruma Project Oniguruma 6.2.0
Php Php
Ruby-lang Ruby
7.5
CVSSv3
CVE-2019-19246
Oniguruma up to and including 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
Oniguruma Project Oniguruma
Php Php
Fedoraproject Fedora 31
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2019-19203
An issue exists in Oniguruma 6.x prior to 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
7.5
CVSSv3
CVE-2019-19204
An issue exists in Oniguruma 6.x prior to 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Debian Debian Linux 8.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
7.5
CVSSv3
CVE-2019-16163
Oniguruma prior to 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
Oniguruma Project Oniguruma
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »