Oniguruma Project Oniguruma 6.9.3

CPE Details

Oniguruma Project Oniguruma 6.9.3
oniguruma_project
oniguruma
6.9.3
2019-09-10
09h24 +00:00
2019-09-10
09h24 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oniguruma_project:oniguruma:6.9.3:*:*:*:*:*:*:*

Informations

Vendor

oniguruma_project

Product

oniguruma

Version

6.9.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-19246 2019-11-25 15h16 +00:00 Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
7.5
High
CVE-2019-19203 2019-11-21 19h06 +00:00 An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
7.5
High
CVE-2019-19204 2019-11-21 19h06 +00:00 An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
7.5
High
CVE-2019-19012 2019-11-16 14h30 +00:00 An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.