QwikSec

Security Database

CVE

CWE

Training

CVE-2019-13224

Published: Jul 10, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55

x_refsource_CONFIRM

[debian-lts-announce] 20190717 [SECURITY] [DLA 1854-1] libonig security update

mailing-list

x_refsource_MLIST

FEDORA-2019-3f3d0953db

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-5409bb5e68

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_UBUNTU

https://support.f5.com/csp/article/K00103182

x_refsource_CONFIRM

https://support.f5.com/csp/article/K00103182?utm_source=f5support&amp%3Butm_medium=RSS

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.