Lucene search
+L

24 matches found

BDU FSTEC
BDU FSTEC
added 2025/10/06 12:0 a.m.3 views

The vulnerability of the match_at() function in the regexec.c component of the Libonig regular expression library allows a attacker to cause a service failure.

The vulnerability of the matchat function in the regexec.c component of the Libonig regular expression library is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker to cause a service failure...

6.5CVSS6.6AI score0.02129EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2025/09/15 2:1 p.m.7 views

CLSA-2025-1757944902 php: Fix of 3 CVEs

CVE-2017-9224: fix out-of-bounds read of a stack in matchat function - CVE-2017-9226: fix out-of-bounds write or read of a heap in nextstateval function - CVE-2017-9227: fix out-of-bounds read of a stack in mbcenclen function...

9.8CVSS7.1AI score0.07511EPSS
Exploits3References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:45 a.m.5 views

SUSE CVE-2017-9224

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in matchat during regular expression searching. A logical error involving order of validation and access in matchat could result in an...

4CVSS7.1AI score0.0654EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.5 views

SUSE CVE-2019-13225

A NULL Pointer Dereference in matchat in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

6.5CVSS6.9AI score0.02129EPSS
Exploits0References4
OSV
OSV
added 2022/11/06 12:0 a.m.12 views

OSV-2022-1144 Heap-buffer-overflow in onigenc_mbn_mbc_case_fold

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53041 Crash type: Heap-buffer-overflow READ 1 Crash state: onigencmbnmbccasefold euckrmbccasefold matchat...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.32 views

Oracle Linux 8 : oniguruma (ELSA-2020-4827)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4827 advisory. 6.8.2-2 - Fix CVE-2019-13225 Resolves: 1771052 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

6.5CVSS7.2AI score0.02129EPSS
Exploits0References2
Veracode
Veracode
added 2020/11/05 3:18 a.m.28 views

Denial Of Service (DoS)

oniguruma is vulnerable to Denial Of Service DoS. An attacker can cause a NULL pointer dereference in matchat in regexec.c which allows an attacker to cause an application crash...

6.5CVSS7.6AI score0.02129EPSS
Exploits0References9Affected Software1
RedHat Linux
RedHat Linux
added 2020/11/04 1:59 a.m.7 views

oniguruma: NULL pointer dereference in match_at() in regexec.c

A NULL Pointer Dereference in matchat in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

6.5CVSS7.4AI score0.02129EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/04 1:59 a.m.316 views

Moderate: Red Hat Security Advisory: oniguruma security update

An update for oniguruma is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

6.5CVSS6.5AI score0.02129EPSS
Exploits0References3
OSV
OSV
added 2020/11/03 12:39 p.m.27 views

RLSA-2020:4827 Moderate: oniguruma security update

Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fixes: oniguruma: NULL pointer dereference in matchat in regexec.c CVE-2019-13225 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.3CVSS8.1AI score0.02129EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/09/29 12:0 a.m.47 views

Oracle Linux 7 : edk2 (ELSA-2020-5861)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5861 advisory. - Create new 1.3 release for OL7 which includes the following fixed CVEs: CVE-2018-12182 CVE-2019-13224 CVE-2019-13225 CVE-2019-14553 Fri May 17 2019...

9.8CVSS7.6AI score0.04047EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/08 10:6 a.m.6 views

oniguruma: NULL pointer dereference in match_at() in regexec.c

A NULL Pointer Dereference in matchat in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

6.5CVSS7.4AI score0.02129EPSS
Exploits0References4
OSV
OSV
added 2020/07/22 9:49 p.m.19 views

OSV-2020-1235 Heap-buffer-overflow in mbc_case_fold

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21977 Crash type: Heap-buffer-overflow READ 1 Crash state: mbccasefold stringcmpic matchat...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/10/04 12:0 a.m.62 views

Amazon Linux AMI : oniguruma (ALAS-2019-1295)

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8CVSS8.1AI score0.04047EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/09/20 12:0 a.m.46 views

Amazon Linux 2 : oniguruma (ALAS-2019-1288)

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8CVSS8.1AI score0.04047EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/09/09 12:0 a.m.47 views

FreeBSD : oniguruma -- multiple vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8CVSS8.1AI score0.04047EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/07/10 2:15 p.m.29 views

CVE-2019-13225

A NULL Pointer Dereference in matchat in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

6.5CVSS6.7AI score0.02129EPSS
Exploits0References2
Prion
Prion
added 2019/07/10 2:15 p.m.25 views

Null pointer dereference

A NULL Pointer Dereference in matchat in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

4.3CVSS7.5AI score0.02129EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2019/07/10 1:50 p.m.198 views

CVE-2019-13225

Oniguruma 6.9.2 contains a NULL pointer dereference in match_at() (CVE-2019-13225) that can lead to denial of service when a crafted regular expression is used. Multiple connected advisories (AlmaLinux, Fedora, Amazon Linux, Astra Linux) report the vulnerability and list updates/patches for onigu...

6.5CVSS7.5AI score0.02129EPSS
Exploits0References4Affected Software1
FreeBSD
FreeBSD
added 2019/07/03 12:0 a.m.39 views

oniguruma -- multiple vulnerabilities

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8CVSS4.9AI score0.04047EPSS
Exploits0References4
Rows per page
Query Builder