
CVE-2019-13224

Description

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.


Affected Software


CPE Name | Name | Version
oniguruma_project:oniguruma | oniguruma project oniguruma | 6.9.2
php:php | php | 7.3.9
php:php | php | 7.2.23
php:php | php | 7.1.32
fedoraproject:fedora | fedoraproject fedora | 29
fedoraproject:fedora | fedoraproject fedora | 30
debian:debian_linux | debian debian linux | 8.0
canonical:ubuntu_linux | canonical ubuntu linux | 14.04
canonical:ubuntu_linux | canonical ubuntu linux | 12.04
