PT-2019-13191 · Oniguruma+10 · Oniguruma+10

Kkos

Published

2019-06-27

Updated

2024-07-11

CVE-2019-13225

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Oniguruma version 6.9.2

Description A NULL Pointer Dereference issue in the match at() function in regexec.c allows attackers to potentially cause denial of service by providing a crafted regular expression. This issue may affect software that uses Oniguruma, such as Ruby, and optional libraries for PHP and Rust.

Recommendations For Oniguruma version 6.9.2, consider avoiding the use of crafted regular expressions until a patch is available. As a temporary workaround, restrict the input to the match at() function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2020:3662

ALSA-2020:4827

ALT-PU-2019-2455

ALT-PU-2019-3215

ALT-PU-2020-2429

ALT-PU-2020-2430

BDU:2025-12506

CESA-2020_3662

CESA-2020_4827

CVE-2019-13225

MGASA-2019-0253

MGASA-2020-0029

OPENSUSE-SU-2024:11111-1

RHSA-2020:3662

RHSA-2020:4827

RHSA-2020_3662

RHSA-2020_4827

RLSA-2020:3662

RLSA-2020:4827

SUSE-SU-2024:2401-1

SUSE-SU-2024_2401-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Oniguruma

Php

Red Hat

Rocky Linux

Ruby

Rust

Suse

PT-2019-13191 · Oniguruma+10 · Oniguruma+10

CVE-2019-13225

Weakness Enumeration

Related Identifiers

Affected Products

References · 94