Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oniguruma vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-19204
An issue exists in Oniguruma 6.x prior to 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Debian Debian Linux 8.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
7.5
CVSSv3
CVE-2019-19203
An issue exists in Oniguruma 6.x prior to 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
7.5
CVSSv3
CVE-2019-16163
Oniguruma prior to 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
Oniguruma Project Oniguruma
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
7.5
CVSSv3
CVE-2017-9229
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_rang...
Oniguruma Project Oniguruma 6.2.0
Ruby-lang Ruby
Php Php
7.5
CVSSv3
CVE-2017-6181
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote malicious users to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
Ruby-lang Ruby 2.4.0
7.1
CVSSv3
CVE-2019-11042
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may...
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Apple Mac Os X
Opensuse Leap 15.0
Redhat Software Collections 1.0
Tenable Tenable.sc
7.1
CVSSv3
CVE-2019-11041
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may...
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Apple Mac Os X
Opensuse Leap 15.0
Redhat Software Collections 1.0
Tenable Tenable.sc
6.5
CVSSv3
CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows malicious users to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
Oniguruma Project Oniguruma 6.9.2
Fedoraproject Fedora 29
Fedoraproject Fedora 30
NA
CVE-2020-26159
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none
5 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2