CVE-2019-16161

Published: 28 Jul 2019
Source: redhat
CVSS3: 7.5

Description

Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.

A NULL pointer dereference vulnerability was found in Onigmo in the way it handled certain types of "subexp" regular expressions. A remote attacker could exploit this flaw by providing a malformed regular expression that when processed by an application linked to Onigmo, would crash the application, causing a denial of service.

Statement

This flaw does not affect the versions of oniguruma (embedded in php:7.2/php) as shipped with Red Hat Enterprise Linux 8 as they do not include the vulnerable code, which was introduced in a newer version of the package. The same is true for the versions of oniguruma as shipped with Red Hat Enterprise Linux 6, the versions of oniguruma (embedded in php and php53) as shipped with Red Hat Enterprise Linux 5, 6, and 7, and the versions of oniguruma (embedded in rh-php72-php) as shipped with Red Hat Software Collections 3. This flaw does not affect the versions of oniguruma as shipped with Red Hat Enterprise Linux 8 as they already include the patch. The same is true for the versions of oniguruma (embedded in php:7.3/php) as shipped with Red Hat Enterprise Linux 8 and the versions of oniguruma (embedded in rh-php73-php) as shipped with Red Hat Software Collections 3.

Affected packages

Platform                   | Package      | State        | Advisory | Release
Red Hat Enterprise Linux 5 | php          | Not affected |          |
Red Hat Enterprise Linux 5 | php53        | Not affected |          |
Red Hat Enterprise Linux 6 | oniguruma    | Not affected |          |
Red Hat Enterprise Linux 6 | php          | Not affected |          |
Red Hat Enterprise Linux 7 | php          | Not affected |          |
Red Hat Enterprise Linux 7 | ruby         | Fix deferred |          |
Red Hat Enterprise Linux 8 | oniguruma    | Not affected |          |
Red Hat Enterprise Linux 8 | php:7.2/php  | Not affected |          |
Red Hat Enterprise Linux 8 | php:7.3/php  | Not affected |          |
Red Hat Enterprise Linux 8 | ruby:2.5/ruby | Fix deferred |          |


Additional information

Status: Low
Weakness: CWE-476
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1769042
"onigmo: NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c"

CVSS3: 7.5 (High)

Related vulnerabilities

nvd (more than 6 years ago), CVSS3: 7.5
Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.

github (more than 3 years ago), CVSS3: 7.5
Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.
