CVE-2019-19012 — Out-of-bounds Read in Project Oniguruma
Severity
NVD: 9.8 CRITICAL
OSV: 7.5
EPSS
14.8% (top 5.48%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 17
Latest update: Oct 10
Description
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages (1 package)
Also affects: Debian Linux 8.0, Fedora 30, 31, Enterprise Linux 8.0
Patches
Bugzilla
- CVE-2019-19012 oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read [openstack-rdo] (2020-03-17)
- CVE-2019-19012 oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read [epel-7] (2020-02-12)
- CVE-2019-19012 oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read [fedora-30] (2020-02-12)
- CVE-2019-19012 oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (2020-02-12)