An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:07
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-11-17 18:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-19012
Mitre link : CVE-2019-19012
CVE.ORG link : CVE-2019-19012
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
redhat
- enterprise_linux
oniguruma_project
- oniguruma