Back to search
CVE-2019-19012
Published: Nov 16, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/kkos/oniguruma/issues/164
x_refsource_MISC
https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2
x_refsource_MISC
https://github.com/tarantula-team/CVE-2019-19012
x_refsource_MISC
FEDORA-2019-d942abd0d4
vendor-advisory
x_refsource_FEDORA
[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update
mailing-list
x_refsource_MLIST
FEDORA-2019-73197ff9a0
vendor-advisory
x_refsource_FEDORA
USN-4460-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now