Lucene search

K

Alpine Linux Development TeamALPINE:CVE-2019-19204

HistoryNov 21, 2019 - 9:15 p.m.

CVE-2019-19204

2019-11-2121:15:00

Alpine Linux Development Team

security.alpinelinux.org

10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.

OSVersionArchitecturePackageVersionFilename
Alpine3.11-mainnoarchoniguruma= 6.9.4-r1UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for ALPINE:CVE-2019-19204

prion1 ubuntucve1 osv7 redhatcve1 veracode1 githubexploit2 debiancve1 cve1 nessus29 openvas19 debian2 altlinux1 ubuntu2 amazon1 almalinux2 redhat10 oraclelinux2 fedora2 suse1 mageia1 photon4 rocky1 ibm3