CVE-2019-13224
10.07.2019, 14:15
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| oniguruma_project | oniguruma | 6.9.2 |
| php | php | 7.1.0 ≤ 𝑥 < 7.1.32 |
| php | php | 7.2.0 ≤ 𝑥 < 7.2.23 |
| php | php | 7.3.0 ≤ 𝑥 < 7.3.9 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| groonga |
| ||||||||||||||||||||||||||||||
| libevhtp |
| ||||||||||||||||||||||||||||||
| libonig |
| ||||||||||||||||||||||||||||||
| mudlet |
| ||||||||||||||||||||||||||||||
| php5 |
| ||||||||||||||||||||||||||||||
| php7.0 |
| ||||||||||||||||||||||||||||||
| php7.2 |
| ||||||||||||||||||||||||||||||
| php7.3 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libonig4 |
| ||||||||||||||||||||||||||||||||||||||
| oniguruma-devel |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| oniguruma |
| ||||||||||||||||||
| oniguruma-devel |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| oniguruma |
| ||||
| oniguruma-debuginfo |
| ||||
| oniguruma-devel |
| ||||
| php71 |
| ||||
| php71-bcmath |
| ||||
| php71-cli |
| ||||
| php71-common |
| ||||
| php71-dba |
| ||||
| php71-dbg |
| ||||
| php71-debuginfo |
| ||||
| php71-devel |
| ||||
| php71-embedded |
| ||||
| php71-enchant |
| ||||
| php71-fpm |
| ||||
| php71-gd |
| ||||
| php71-gmp |
| ||||
| php71-imap |
| ||||
| php71-intl |
| ||||
| php71-json |
| ||||
| php71-ldap |
| ||||
| php71-mbstring |
| ||||
| php71-mcrypt |
| ||||
| php71-mysqlnd |
| ||||
| php71-odbc |
| ||||
| php71-opcache |
| ||||
| php71-pdo |
| ||||
| php71-pdo-dblib |
| ||||
| php71-pgsql |
| ||||
| php71-process |
| ||||
| php71-pspell |
| ||||
| php71-recode |
| ||||
| php71-snmp |
| ||||
| php71-soap |
| ||||
| php71-tidy |
| ||||
| php71-xml |
| ||||
| php71-xmlrpc |
| ||||
| php73 |
| ||||
| php73-bcmath |
| ||||
| php73-cli |
| ||||
| php73-common |
| ||||
| php73-dba |
| ||||
| php73-dbg |
| ||||
| php73-debuginfo |
| ||||
| php73-devel |
| ||||
| php73-embedded |
| ||||
| php73-enchant |
| ||||
| php73-fpm |
| ||||
| php73-gd |
| ||||
| php73-gmp |
| ||||
| php73-imap |
| ||||
| php73-intl |
| ||||
| php73-json |
| ||||
| php73-ldap |
| ||||
| php73-mbstring |
| ||||
| php73-mysqlnd |
| ||||
| php73-odbc |
| ||||
| php73-opcache |
| ||||
| php73-pdo |
| ||||
| php73-pdo-dblib |
| ||||
| php73-pgsql |
| ||||
| php73-process |
| ||||
| php73-pspell |
| ||||
| php73-recode |
| ||||
| php73-snmp |
| ||||
| php73-soap |
| ||||
| php73-tidy |
| ||||
| php73-xml |
| ||||
| php73-xmlrpc |
|
Common Weakness Enumeration
References