Vulmon
oniguruma vulnerabilities and exploits
5
CVSSv2
CVE-2019-19246
Oniguruma up to and including 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
Oniguruma Project Oniguruma
Php Php
Fedoraproject Fedora 31
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
5
CVSSv2
CVE-2019-19203
An issue exists in Oniguruma 6.x prior to 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
5
CVSSv2
CVE-2019-19204
An issue exists in Oniguruma 6.x prior to 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
Oniguruma Project Oniguruma 6.9.4
Oniguruma Project Oniguruma
Debian Debian Linux 8.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
5
CVSSv2
CVE-2019-16163
Oniguruma prior to 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
Oniguruma Project Oniguruma
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
5
CVSSv2
CVE-2017-9229
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_rang...
Oniguruma Project Oniguruma 6.2.0
Ruby-lang Ruby
Php Php
5
CVSSv2
CVE-2017-6181
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote malicious users to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
Ruby-lang Ruby 2.4.0
4.3
CVSSv2
CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows malicious users to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
Oniguruma Project Oniguruma 6.9.2
Fedoraproject Fedora 29
Fedoraproject Fedora 30
NA
CVE-2023-0662
In PHP 8.0.X prior to 8.0.28, 8.1.X prior to 8.1.16 and 8.2.X prior to 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources...
Php Php
NA
CVE-2020-26159
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none
5 Github repositories