Impact: Moderate
Public Date: 2019-06-27
CWE: CWE-476->CWE-400
Bugzilla: 1728965: CVE-2019-13225 oniguruma: null-pointer dereference in match_at() in regexec.c

The MITRE CVE dictionary describes this issue as:

A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

Find out more about CVE-2019-13225 from the MITRE CVE dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
CVSS3 Base Score | 6.5 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity Impact | None |
Availability Impact | High |

Platform | Package | State |
---|---|---|
Red Hat OpenShift Container Platform 4.1 | oniguruma | Under investigation |
Red Hat Enterprise Linux 8 | oniguruma | Under investigation |
Red Hat Enterprise Linux 6 | oniguruma | Under investigation |