CVE-2019-19203

Published: 21/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in Oniguruma 6.x prior to 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

Vulnerable Products

oniguruma project oniguruma 6.9.4

oniguruma project oniguruma

fedoraproject fedora 30

fedoraproject fedora 31

Vendor Advisories

Debian Bug report logs - #945312 libonig: CVE-2019-19203: heap-buffer-overflow in gb18030_mbc_enc_len. Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jff.email>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Fri, 22 Nov 2019 19:57:02 UTC. Severity: important. Tags: security ...
Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis: Moderate: php:7.3 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis: Moderate: oniguruma security update. Type/Severity: Security Advisory: Moderate. Topic: An update for oniguruma is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has ra ...
Synopsis: Moderate: oniguruma security update. Type/Severity: Security Advisory: Moderate. Topic: An update for oniguruma is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has ra ...

Github Repositories

Heap-buffer-overflow in Oniguruma (function gb18030_mbc_enc_len)

CVE-2019-19203. An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. Researcher: ManhND of The Tarantula Team, VinCSS (a member of Vingroup). What is Oniguruma: Oniguruma by K. Kosako ...

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.