VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 10, 2019· Updated Aug 4, 2024

CVE-2019-13225

CVE-2019-13225

Description

A NULL pointer dereference in Oniguruma 6.9.2's regexec.c allows denial of service via a crafted regular expression.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in Oniguruma 6.9.2's regexec.c allows denial of service via a crafted regular expression.

Vulnerability

A NULL pointer dereference vulnerability exists in the match_at() function in regexec.c of Oniguruma version 6.9.2. The flaw occurs during the compilation of if-then-else patterns in regular expressions, where the code path fails to properly handle a NULL Else branch, leading to a crash. This library is widely used as a dependency in Ruby, PHP, and Rust, making the vulnerability reachable in many applications.

Exploitation

An attacker can trigger the vulnerability by supplying a specially crafted regular expression that includes an if-then-else construct without an Else branch. No authentication or special privileges are required; the attack can be performed remotely if the application processes user-supplied regex patterns. The NULL pointer dereference occurs during the compilation phase, before any matching is attempted.

Impact

Successful exploitation results in a denial of service (DoS) condition, causing the application to crash. The vulnerability does not lead to arbitrary code execution or information disclosure based on the available references. The impact is limited to availability, affecting any service or application that uses Oniguruma to compile untrusted regular expressions.

Mitigation

The issue was fixed in commit c509265 [1] and released in Oniguruma version 6.9.3. Users should upgrade to version 6.9.3 or later. The Gentoo security advisory (GLSA 201911-03) [4] recommends upgrading to >=dev-libs/oniguruma-6.9.3. No workaround is available for unpatched versions.

References
  1. Fix CVE-2019-13225: problem in converting if-then-else pattern to byt… · kkos/oniguruma@c509265
  2. Multiple vulnerabilities (GLSA 201911-03) — Gentoo security

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

51

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"A NULL pointer dereference occurs in the regular expression engine due to improper handling of if-then-else patterns during compilation."

Attack vector

An attacker can trigger this vulnerability by providing a specially crafted regular expression to an application utilizing the affected library. When the engine processes this input, the flaw in the pattern compilation logic leads to a NULL pointer dereference, potentially resulting in a denial of service. This issue is documented to affect Oniguruma 6.9.2 [ref_id=1].

Affected code

The vulnerability is located in `regexec.c` within the `match_at()` function. The compilation logic for `BAG_IF_ELSE` nodes in `compile_bag_node()` and `compile_length_bag_node()` is identified as the source of the defect [ref_id=1].

What the fix does

The patch modifies the compilation logic for if-then-else patterns in `regexec.c` to ensure proper handling of conditional branches and jump offsets. By explicitly calculating `else_len` and adjusting the jump address logic, the fix prevents the engine from dereferencing a NULL pointer when an `Else` branch is missing or improperly structured [ref_id=1]. These changes ensure that the bytecode generation correctly accounts for all possible execution paths within the bag node.

Preconditions

  • inputThe application must accept and process user-supplied regular expressions.

Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.