9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.1%
Package : libonig
Version : 5.9.5-3.2+deb8u2
CVE ID : CVE-2019-13224
Debian Bug : 931878
A use-after-free in onig_new_deluxe() in regext.c allows attackers to
potentially cause information disclosure, denial of service, or
possibly code execution by providing a crafted regular expression. The
attacker
provides a pair of a regex pattern and a string, with a multi-byte
encoding that gets handled by onig_new_deluxe().
For Debian 8 "Jessie", this problem has been fixed in version
5.9.5-3.2+deb8u2.
We recommend that you upgrade your libonig packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 10 | ppc64el | php7.3-dba-dbgsym | < 7.3.9-1~deb10u1 | php7.3-dba-dbgsym_7.3.9-1~deb10u1_ppc64el.deb |
Debian | 9 | s390x | php7.0-opcache | < 7.0.33-0+deb9u5 | php7.0-opcache_7.0.33-0+deb9u5_s390x.deb |
Debian | 10 | mips64el | php7.3-recode | < 7.3.9-1~deb10u1 | php7.3-recode_7.3.9-1~deb10u1_mips64el.deb |
Debian | 9 | armhf | libphp7.0-embed-dbgsym | < 7.0.33-0+deb9u5 | libphp7.0-embed-dbgsym_7.0.33-0+deb9u5_armhf.deb |
Debian | 9 | mips | php7.0-json-dbgsym | < 7.0.33-0+deb9u5 | php7.0-json-dbgsym_7.0.33-0+deb9u5_mips.deb |
Debian | 10 | mipsel | libphp7.3-embed-dbgsym | < 7.3.9-1~deb10u1 | libphp7.3-embed-dbgsym_7.3.9-1~deb10u1_mipsel.deb |
Debian | 10 | mips | php7.3-dba | < 7.3.9-1~deb10u1 | php7.3-dba_7.3.9-1~deb10u1_mips.deb |
Debian | 9 | arm64 | php7.0-interbase | < 7.0.33-0+deb9u5 | php7.0-interbase_7.0.33-0+deb9u5_arm64.deb |
Debian | 9 | mips | php7.0-cgi | < 7.0.33-0+deb9u5 | php7.0-cgi_7.0.33-0+deb9u5_mips.deb |
Debian | 10 | s390x | php7.3-recode-dbgsym | < 7.3.9-1~deb10u1 | php7.3-recode-dbgsym_7.3.9-1~deb10u1_s390x.deb |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.1%