PT-2019-5886 · Oniguruma+6 · Oniguruma+6

Manhnd

Publicado

2019-11-08

Atualizado

2025-09-29

CVE-2019-19012

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oniguruma versions 6.x through 6.9.4 rc2

Description The issue is related to an integer overflow in the search in range function, which can lead to an out-of-bounds read. The offset of this read is under the control of an attacker, allowing remote attackers to cause a denial-of-service or information disclosure. This could potentially have other unspecified impacts. The vulnerability is specific to the 32-bit compiled version of the software.

Recommendations For Oniguruma versions 6.x through 6.9.4 rc2, update to version 6.9.4 rc2 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted regular expressions to minimize the risk of exploitation.

Exploit

Correção

DoS

Out of bounds Read

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-190

Identificadores relacionados

ALSA-2020_4827

ALSA-2024:0889

ALSA-2024_0889

ALSA-2025:7539

ALSA-2025_16880

ALSA-2025_7539

ALT-PU-2019-3211

ALT-PU-2019-3215

BDU:2021-03593

CESA-2024_0889

CESA-2025_7539

CVE-2019-19012

DLA-2020-1

DLA-2431-1

ELSA-2024-0889

ELSA-2025-7539

INFSA-2025_7539

MGASA-2020-0029

OPENSUSE-SU-2024:11111-1

RHSA-2024:0409

RHSA-2024:0572

RHSA-2024:0889

RHSA-2024_0889

RHSA-2025:7539

RHSA-2025_7539

RLSA-2025_7539

USN-4460-1

USN-5662-1

Produtos afetados

Alt Linux

Almalinux

Centos

Oniguruma

Red Hat

Rocky Linux

Ubuntu

PT-2019-5886 · Oniguruma+6 · Oniguruma+6

CVE-2019-19012

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 70