CVE-2019-19012

Published: 17/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x prior to 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

Vulnerable Product Search on Vulmon

oniguruma project oniguruma 6.9.4

oniguruma project oniguruma

debian debian linux 8.0

fedoraproject fedora 30

redhat enterprise linux 8.0

fedoraproject fedora 31

Vendor Advisories

Synopsis: Moderate: oniguruma security update. Type/Severity: Security Advisory: Moderate. Topic: An update for oniguruma is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has ra ...
Synopsis: Moderate: oniguruma security update. Type/Severity: Security Advisory: Moderate. Topic: An update for oniguruma is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has ra ...
Debian Bug report logs - #944959 libonig: CVE-2019-19012. Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jff.email>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 17 Nov 2019 20:30:02 UTC; Severity: important; Tags: security, upstream; Found in version libonig/6.9.2-1 ...
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163). Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c (CVE-2019-19246) ...

Github Repositories

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read

CVE-2019-19012: An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version.) Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact.