PT-2019-5886 · Oniguruma+6

Manhnd · Published 2019-11-08 · Updated 2025-09-29 · CVE-2019-19012

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oniguruma versions 6.x through 6.9.4 rc2

Description

The issue is an integer overflow in the search_in_range function that can lead to an out-of-bounds read. The offset of this read is under the attacker's control, allowing remote attackers to cause a denial of service or information disclosure, and possibly other unspecified impacts. The vulnerability is specific to the 32-bit compiled version of the software.

Recommendations

For Oniguruma versions 6.x through 6.9.4 rc2, update to version 6.9.4 rc2 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted regular expressions to minimize the risk of exploitation.

Exploit · Fix · DoS · Out of bounds Read · Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2020_4827
ALSA-2024:0889
ALSA-2024_0889
ALSA-2025:7539
ALSA-2025_16880
ALSA-2025_7539
ALT-PU-2019-3211
ALT-PU-2019-3215
BDU:2021-03593
CESA-2024_0889
CESA-2025_7539
CVE-2019-19012
DLA-2020-1
DLA-2431-1
ELSA-2024-0889
ELSA-2025-7539
INFSA-2025_7539
MGASA-2020-0029
OPENSUSE-SU-2024:11111-1
RHSA-2024:0409
RHSA-2024:0572
RHSA-2024:0889
RHSA-2024_0889
RHSA-2025:7539
RHSA-2025_7539
RLSA-2025_7539
USN-4460-1
USN-5662-1

Affected Products

Alt Linux
Almalinux
Centos
Oniguruma
Red Hat
Rocky Linux
Ubuntu