PT-2019-13191 · Oniguruma+10 · Oniguruma+10

Kkos

Publicado

2019-06-27

Atualizado

2024-07-11

CVE-2019-13225

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Oniguruma version 6.9.2

Description A NULL Pointer Dereference issue in the match at() function in regexec.c allows attackers to potentially cause denial of service by providing a crafted regular expression. This issue may affect software that uses Oniguruma, such as Ruby, and optional libraries for PHP and Rust.

Recommendations For Oniguruma version 6.9.2, consider avoiding the use of crafted regular expressions until a patch is available. As a temporary workaround, restrict the input to the match at() function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALSA-2020:3662

ALSA-2020:4827

ALT-PU-2019-2455

ALT-PU-2019-3215

ALT-PU-2020-2429

ALT-PU-2020-2430

BDU:2025-12506

CESA-2020_3662

CESA-2020_4827

CVE-2019-13225

MGASA-2019-0253

MGASA-2020-0029

OPENSUSE-SU-2024:11111-1

RHSA-2020:3662

RHSA-2020:4827

RHSA-2020_3662

RHSA-2020_4827

RLSA-2020:3662

RLSA-2020:4827

SUSE-SU-2024:2401-1

SUSE-SU-2024_2401-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Oniguruma

Php

Red Hat

Rocky Linux

Ruby

Rust

Suse

PT-2019-13191 · Oniguruma+10 · Oniguruma+10

CVE-2019-13225

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 94