Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-19203

Опубликовано: 21 нояб. 2019
Источник: debian
EPSS Низкий

Описание

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libonigfixed6.9.4-1package
libonigno-dsabusterpackage
libonigignoredjessiepackage

Примечания

  • https://github.com/kkos/oniguruma/issues/163

  • https://github.com/kkos/oniguruma/commit/aa0188eaedc056dca8374ac03d0177429b495515 (v6.9.4_rc2)

  • Only exploitable with attacker-provided pattern

EPSS

Процентиль: 78%
0.01147
Низкий

Связанные уязвимости

CVSS3: 7.5
ubuntu
больше 5 лет назад

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

CVSS3: 7.5
redhat
почти 6 лет назад

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

CVSS3: 7.5
nvd
больше 5 лет назад

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

github
около 3 лет назад

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

CVSS3: 7.5
fstec
больше 5 лет назад

Уязвимость функции gb18030_mbc_enc_len библиотеки регулярных выражений Oniguruma, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 78%
0.01147
Низкий