logo
DATABASE RESOURCES PRICING ABOUT US

Medium: oniguruma

Description

**Issue Overview:** A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13224) A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13225) **Affected Packages:** oniguruma **Issue Correction:** Run _yum update oniguruma_ to update your system. **New Packages:** aarch64:     oniguruma-5.9.6-1.amzn2.0.1.aarch64     oniguruma-devel-5.9.6-1.amzn2.0.1.aarch64     oniguruma-debuginfo-5.9.6-1.amzn2.0.1.aarch64 i686:     oniguruma-5.9.6-1.amzn2.0.1.i686     oniguruma-devel-5.9.6-1.amzn2.0.1.i686     oniguruma-debuginfo-5.9.6-1.amzn2.0.1.i686 src:     oniguruma-5.9.6-1.amzn2.0.1.src x86_64:     oniguruma-5.9.6-1.amzn2.0.1.x86_64     oniguruma-devel-5.9.6-1.amzn2.0.1.x86_64     oniguruma-debuginfo-5.9.6-1.amzn2.0.1.x86_64


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 2 oniguruma 5.9.6-1.amzn2.0.1
Amazon Linux 2 oniguruma-devel 5.9.6-1.amzn2.0.1
Amazon Linux 2 oniguruma-debuginfo 5.9.6-1.amzn2.0.1
Amazon Linux 2 oniguruma 5.9.6-1.amzn2.0.1
Amazon Linux 2 oniguruma-devel 5.9.6-1.amzn2.0.1
Amazon Linux 2 oniguruma-debuginfo 5.9.6-1.amzn2.0.1
Amazon Linux 2 oniguruma 5.9.6-1.amzn2.0.1
Amazon Linux 2 oniguruma 5.9.6-1.amzn2.0.1
Amazon Linux 2 oniguruma-devel 5.9.6-1.amzn2.0.1
Amazon Linux 2 oniguruma-debuginfo 5.9.6-1.amzn2.0.1

Related