9293 matches found

GithubExploit
added 2019/11/20 2:32 p.m. | 101 views

Exploit for Integer Overflow or Wraparound in Oniguruma_Project Oniguruma

CVE-2019-19012 An integer overflow in the search_in_range fun...

CVSS 9.8 | AI score 8.2 | EPSS 0.10539
Exploits: 3

UbuntuCve
added 2019/11/20 12:00 a.m. | 155 views

CVE-2019-16201

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...

CVSS 7.8 | AI score 6.6 | EPSS 0.05086
Exploits: 0 | References: 3

Node.js
added 2019/11/19 10:37 p.m. | 14 views

Regular Expression Denial of Service

Overview: All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input. Recommendation...

AI score 6.8
Exploits: 0 | Affected Software: 1

CNVD
added 2019/11/18 12:00 a.m. | 2 views

Oniguruma Integer Overflow Vulnerability

Oniguruma is a BSD-licensed regular expression library that supports multiple character encodings. An integer overflow vulnerability exists in the search_in_range function in regexec.c in Oniguruma, which can be exploited by a remote attacker to cause an out-of-bounds read via a specially crafted...

CVSS 9.8 | AI score 7.4 | EPSS 0.10539
Exploits: 3 | References: 1

OSV
added 2019/11/17 6:15 p.m. | 30 views

CVE-2019-19012

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. This only affects the 32-bit compiled version. Remote attackers can cause a denial-of-service or...

CVSS 9.8 | AI score 7.3 | EPSS 0.10539
Exploits: 3 | References: 7

OSV
added 2019/11/17 6:15 p.m. | 1 view

DEBIAN-CVE-2019-19012

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. This only affects the 32-bit compiled version. Remote attackers can cause a denial-of-service or...

CVSS 9.8 | AI score 7.4 | EPSS 0.10539
Exploits: 3 | References: 1

Prion
added 2019/11/17 6:15 p.m. | 26 views

Integer overflow

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. This only affects the 32-bit compiled version. Remote attackers can cause a denial-of-service or...

CVSS 7.5 | AI score 9.7 | EPSS 0.10539
Exploits: 3 | References: 7 | Affected Software: 4

AlpineLinux
added 2019/11/17 6:15 p.m. | 34 views

CVE-2019-19012

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. This only affects the 32-bit compiled version. Remote attackers can cause a denial-of-service or...

CVSS 9.8 | AI score 6.7 | EPSS 0.10539
Exploits: 3

UbuntuCve
added 2019/11/17 6:15 p.m. | 44 views

CVE-2019-19012

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. This only affects the 32-bit compiled version. Remote attackers can cause a denial-of-service or...

CVSS 9.8 | AI score 6.8 | EPSS 0.10539
Exploits: 3 | References: 5

FreeBSD
added 2019/11/17 12:00 a.m. | 48 views

Python -- Regular Expression DoS attack against client

Ben Caller and Matt Schwager report: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler...

CVSS 7.1 | AI score 7.4 | EPSS 0.06617
Exploits: 1 | References: 2

Debian CVE
added 2019/11/16 3:30 p.m. | 26 views

CVE-2019-19012

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. This only affects the 32-bit compiled version. Remote attackers can cause a denial-of-service or...

CVSS 9.8 | AI score 8.5 | EPSS 0.10539
Exploits: 3

Tenable Nessus
added 2019/11/12 12:00 a.m. | 54 views

EulerOS 2.0 SP5 : icu (EulerOS-SA-2019-2159)

According to the versions of the icu packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before...

CVSS 7.5 | AI score 8.2 | EPSS 0.02217
Exploits: 0 | References: 4

RedhatCVE
added 2019/11/07 4:12 a.m. | 28 views

CVE-2016-1000232

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Tough-Cookie to parse an HTTP header with many semicolons could cause the application to consume an excessive amount of CPU...

CVSS 5 | AI score 3.2 | EPSS 0.02356
Exploits: 0 | References: 2

OSV
added 2019/11/06 4:15 p.m. | 1 view

DEBIAN-CVE-2019-18797

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp...

CVSS 6.5 | AI score 7.6 | EPSS 0.01512
Exploits: 1 | References: 1

RedhatCVE
added 2019/11/04 4:16 a.m. | 46 views

CVE-2017-9224

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at during regular expression searching. A logical error involving order of validation and access in match_at could result in an...

CVSS 9.8 | AI score 3.4 | EPSS 0.0654
Exploits: 1 | References: 1

ArchLinux
added 2019/11/03 12:00 a.m. | 74 views

[ASA-201911-3] glibc: information disclosure

Arch Linux Security Advisory ASA-201911-3
Severity: High
Date: 2019-11-03
CVE-ID: CVE-2019-9169
Package: glibc
Type: information disclosure
Remote: No
Link: https://security.archlinux.org/AVG-855
Summary: The package glibc before version 2.30...

CVSS 9.8 | AI score 0.9 | EPSS 0.04731
Exploits: 1 | References: 6

RedhatCVE
added 2019/10/30 7:25 p.m. | 27 views

CVE-2019-17592

The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option...

CVSS 7.5 | AI score 3.2 | EPSS 0.02276
Exploits: 0 | References: 1

RedhatCVE
added 2019/10/26 12:27 p.m. | 59 views

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

CVSS 9.8 | AI score 2.7 | EPSS 0.09317
Exploits: 1 | References: 2

Cent OS
added 2019/10/22 11:52 p.m. | 143 views

java security update

CentOS Errata and Security Advisory CESA-2019:3136 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...

CVSS 6.8 | AI score 6.8 | EPSS 0.03749
Exploits: 0 | References: 7

RedHat Linux
added 2019/10/21 7:22 p.m. | 4 views

OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 4.3 | AI score 7.3 | EPSS 0.03533
Exploits: 0 | References: 4