Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19246

Опубликовано: 13 авг. 2019
Источник: redhat
CVSS3: 6.5

Описание

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

A vulnerability was found in Oniguruma, where improper bounds checking in str_lower_case_match within regexec.c can cause a heap-based buffer overflow, a remote attacker could exploit this flaw to crash the application or, in certain scenarios, execute arbitrary code. This occurs when the application processes specially crafted regex patterns, potentially leading to unintended behavior.

Отчет

This vulnerability is rated as moderate because a heap-based buffer overflow in Oniguruma’s str_lower_case_match within regexec.c could lead to application crashes or potential code execution. However, successful exploitation depends on specific conditions, such as how the application processes untrusted regex inputs, making the overall impact limited in most cases.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6onigurumaOut of support scope
Red Hat Enterprise Linux 6phpOut of support scope
Red Hat Enterprise Linux 7phpAffected
Red Hat Enterprise Linux 8onigurumaAffected
Red Hat Enterprise Linux 8php:7.2/phpAffected
Red Hat Enterprise Linux 8ruby:2.5/rubyAffected
Red Hat Enterprise Linux 8ruby:2.6/rubyAffected
Red Hat OpenShift Container Platform 4onigurumaWill not fix
Red Hat Software Collectionsrh-php72-phpAffected
Red Hat Software Collectionsrh-ruby24-rubyAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1777537oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-19246

CVSS3: 7.5
ubuntu
больше 6 лет назад

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

nvd логотип

CVE-2019-19246

CVSS3: 7.5
nvd
больше 6 лет назад

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

debian логотип

CVE-2019-19246

CVSS3: 7.5
debian
больше 6 лет назад

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ...

github логотип

GHSA-h9r8-w9m7-2qf5

CVSS3: 7.5
github
почти 4 года назад

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

fstec логотип

BDU:2021-03595

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость компонента str_lower_case_match библиотеки для регулярных выражений Oniguruma, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

6.5 Medium

CVSS3

Уязвимость CVE-2019-19246