TencentOS Server 3: oniguruma (TSSA-2024:0077)

🗓️ 20 Nov 2025 00:00:00Reported by TenableType

TencentOS Server 3 fixes Oniguruma vulnerabilities listed in TSSA-2024:0077.

Reporter	Title	Published	Views	Family All 320
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities	24 Apr 202415:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in oniguruma 6.9.6-1.el9.6	8 Jul 202507:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	29 Jan 202520:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	26 Mar 202503:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	15 Apr 202502:27	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package edk2 version 20191122-alt1	18 Dec 201900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package oniguruma version 6.9.4-alt1	4 Dec 201900:00	–	altlinux
GithubExploit	Exploit for Integer Overflow or Wraparound in Oniguruma_Project Oniguruma	20 Nov 201910:00	–	githubexploit
GithubExploit	Exploit for Integer Overflow or Wraparound in Oniguruma_Project Oniguruma	20 Nov 201914:32	–	githubexploit
FreeBSD	oniguruma -- multiple vulnerabilities	3 Jul 201900:00	–	freebsd

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20240077.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2024:0077.
##

include('compat.inc');

if (description)
{
  script_id(276359);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");

  script_cve_id(
    "CVE-2019-13224",
    "CVE-2019-16163",
    "CVE-2019-19012",
    "CVE-2019-19203",
    "CVE-2019-19204"
  );

  script_name(english:"TencentOS Server 3: oniguruma (TSSA-2024:0077)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0077 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2019-13224:
    A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause
    information disclosure, denial of service, or possibly code execution by providing a crafted regular
    expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that
    gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional
    libraries for PHP and Rust.

    CVE-2019-16163:
    Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

    CVE-2019-19012:
    An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads
    to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only
    affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information
    disclosure, or possibly have unspecified other impact, via a crafted regular expression.

    CVE-2019-19203:
    An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file
    gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string.
    This leads to a heap-based buffer over-read.

    CVE-2019-19204:
    An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier
    (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This
    leads to a heap-based buffer over-read.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20240077.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19012");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:oniguruma");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'oniguruma-6.8.2-2.1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'oniguruma-6.8.2-2.1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'oniguruma-debuginfo-6.8.2-2.1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'oniguruma-debuginfo-6.8.2-2.1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'oniguruma-debugsource-6.8.2-2.1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'oniguruma-debugsource-6.8.2-2.1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'oniguruma-devel-6.8.2-2.1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'oniguruma-devel-6.8.2-2.1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'oniguruma / oniguruma-debuginfo / oniguruma-debugsource / etc');
}

20 Nov 2025 00:00Current

8.4High risk

Vulners AI Score8.4

CVSS 27.5

CVSS 3.19.8

EPSS0.14783