exploitDog

CVE-2019-13224

Published: 10 Jul 2019
Source: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Low

Description

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

Vulnerable configurations

Configuration 1
cpe:2.3:a:oniguruma_project:oniguruma:6.9.2:-:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Versions from 7.1.0 (inclusive) to 7.1.32 (exclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Versions from 7.2.0 (inclusive) to 7.2.23 (exclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Versions from 7.3.0 (inclusive) to 7.3.9 (exclusive)
Configuration 3

One of

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Configuration 4
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Configuration 5

One of

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

EPSS

Percentile: 67%
0.00557
Low

9.8 Critical

CVSS3

7.5 High

CVSS2

Weaknesses

CWE-416

Related vulnerabilities

CVSS3: 9.8
ubuntu
almost 6 years ago

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

CVSS3: 6.8
redhat
almost 6 years ago

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

CVSS3: 9.8
debian
almost 6 years ago

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...

CVSS3: 9.8
github
about 3 years ago

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

CVSS3: 9.8
fstec
almost 6 years ago

A vulnerability in the onig_new_deluxe function of libonig, a regular expression library for multibyte strings, that allows an attacker to gain unauthorized access to protected information and to compromise its integrity and availability
