CVE-2019-19203
21.11.2019, 21:15
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| oniguruma_project | oniguruma | 6.0.0 ≤ 𝑥 < 6.9.4 |
| oniguruma_project | oniguruma | 6.9.4:rc1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libonig |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libonig4 |
| ||||||||||||||||||||||||||||||||||||||
| oniguruma-devel |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| oniguruma |
| ||||||||||||||||||
| oniguruma-devel |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| php |
| ||
| php-bcmath |
| ||
| php-cli |
| ||
| php-common |
| ||
| php-dba |
| ||
| php-debuginfo |
| ||
| php-devel |
| ||
| php-embedded |
| ||
| php-enchant |
| ||
| php-fpm |
| ||
| php-gd |
| ||
| php-intl |
| ||
| php-ldap |
| ||
| php-mbstring |
| ||
| php-mysqlnd |
| ||
| php-odbc |
| ||
| php-pdo |
| ||
| php-pgsql |
| ||
| php-process |
| ||
| php-pspell |
| ||
| php-recode |
| ||
| php-snmp |
| ||
| php-soap |
| ||
| php-xml |
| ||
| php-xmlrpc |
|
Common Weakness Enumeration
References