Unrated severityNVD Advisory· Published Nov 16, 2019· Updated Aug 5, 2024
CVE-2019-19012
CVE-2019-19012
Description
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
37- Oniguruma/Onigurumadescription
- Range: >=6.0, <6.9.4_rc2
- osv-coords35 versionspkg:rpm/almalinux/onigurumapkg:rpm/almalinux/oniguruma-develpkg:rpm/almalinux/rubypkg:rpm/almalinux/ruby-develpkg:rpm/almalinux/ruby-docpkg:rpm/almalinux/rubygem-abrtpkg:rpm/almalinux/rubygem-abrt-docpkg:rpm/almalinux/rubygem-bigdecimalpkg:rpm/almalinux/rubygem-bsonpkg:rpm/almalinux/rubygem-bson-docpkg:rpm/almalinux/rubygem-bundlerpkg:rpm/almalinux/rubygem-bundler-docpkg:rpm/almalinux/rubygem-did_you_meanpkg:rpm/almalinux/rubygem-io-consolepkg:rpm/almalinux/rubygem-jsonpkg:rpm/almalinux/rubygem-minitestpkg:rpm/almalinux/rubygem-mongopkg:rpm/almalinux/rubygem-mongo-docpkg:rpm/almalinux/rubygem-mysql2pkg:rpm/almalinux/rubygem-mysql2-docpkg:rpm/almalinux/rubygem-net-telnetpkg:rpm/almalinux/rubygem-opensslpkg:rpm/almalinux/rubygem-pgpkg:rpm/almalinux/rubygem-pg-docpkg:rpm/almalinux/rubygem-power_assertpkg:rpm/almalinux/rubygem-psychpkg:rpm/almalinux/rubygem-rakepkg:rpm/almalinux/rubygem-rdocpkg:rpm/almalinux/rubygemspkg:rpm/almalinux/rubygems-develpkg:rpm/almalinux/rubygem-test-unitpkg:rpm/almalinux/rubygem-xmlrpcpkg:rpm/almalinux/ruby-irbpkg:rpm/almalinux/ruby-libspkg:rpm/opensuse/oniguruma&distro=openSUSE%20Tumbleweed
< 6.8.2-2.1.el8_9+ 34 more
- (no CPE)range: < 6.8.2-2.1.el8_9
- (no CPE)range: < 6.8.2-2.1.el8_9
- (no CPE)range: < 2.5.9-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 2.5.9-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 2.5.9-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 0.3.0-4.module_el8.5.0+2625+ec418553
- (no CPE)range: < 0.3.0-4.module_el8.10.0+3871+342e2c2f
- (no CPE)range: < 1.3.4-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 4.3.0-2.module_el8.5.0+2625+ec418553
- (no CPE)range: < 4.3.0-2.module_el8.5.0+2625+ec418553
- (no CPE)range: < 1.16.1-5.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 1.16.1-5.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 1.2.0-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 0.4.6-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 2.1.0-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 5.10.3-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 2.5.1-2.module_el8.5.0+2625+ec418553
- (no CPE)range: < 2.5.1-2.module_el8.5.0+2625+ec418553
- (no CPE)range: < 0.4.10-4.module_el8.5.0+259+8cec6917
- (no CPE)range: < 0.4.10-4.module_el8.5.0+2625+ec418553
- (no CPE)range: < 0.1.1-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 2.1.2-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 1.0.0-3.module_el8.9.0+3635+c6f99506
- (no CPE)range: < 1.0.0-3.module_el8.9.0+3635+c6f99506
- (no CPE)range: < 1.1.1-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 3.0.2-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 12.3.3-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 6.0.1.1-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 2.7.6.3-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 2.7.6.3-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 3.2.7-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 0.3.0-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 2.5.9-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 2.5.9-114.module_el8.10.0+3991+5e651d4e
- (no CPE)range: < 6.9.7.1-1.2
Patches
Vulnerability mechanics
References
6- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/4460-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/kkos/oniguruma/issues/164mitrex_refsource_MISC
- github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/12/msg00002.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.