47 matches found
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free in regexec.c, which allows an attacker to read arbitrary heap memory, including pointers and sensitive strings. Remediation: A fix was pushed into the master branch but not yet published. References: - Debian Security...
ruby:2.5 security update
ruby 2.5.9-114 - Fix integer overflow in search_in_range function in regexec.c (CVE-2019-19012). Resolves: RHEL-87505 rubygem-abrt rubygem-bson rubygem-bundler 1.16.1-5 - Fix unexpected code execution in Gemfiles (CVE-2021-43809) Resolves: RHEL-87017 rubygem-mongo rubygem-mysql2 rubygem-pg...
oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read
An integer overflow vulnerability leading to an out-of-bounds read was found in the way Oniguruma handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could crash the...
SUSE CVE-2015-8853
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."...
SUSE CVE-2018-20796
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '\227|\1\1|t1|\\2537+' in grep...
glibc security update
2.28-151.0.1.el84 - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag ...
NewStart CGSL MAIN 6.02 : oniguruma Vulnerability (NS-SA-2021-0067)
The remote NewStart CGSL host, running version MAIN 6.02, has oniguruma packages installed that are affected by a vulnerability: - A NULL Pointer Dereference in match_at in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expressio...
oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
A vulnerability was found in Oniguruma, where improper bounds checking in str_lower_case_match within regexec.c can cause a heap-based buffer overflow. A remote attacker could exploit this flaw to crash the application or, in certain scenarios, execute arbitrary code. This occurs when the applicatio...
Oracle Linux 8 : oniguruma (ELSA-2020-4827)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4827 advisory. 6.8.2-2 - Fix CVE-2019-13225 Resolves: 1771052 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Denial Of Service (DoS)
oniguruma is vulnerable to Denial Of Service (DoS). An attacker can cause a NULL pointer dereference in match_at in regexec.c which allows an attacker to cause an application crash...
Moderate: Red Hat Security Advisory: oniguruma security update
An update for oniguruma is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Oracle Linux 7 : edk2 (ELSA-2020-5861)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5861 advisory. - Create new 1.3 release for OL7 which includes the following fixed CVEs: CVE-2018-12182 CVE-2019-13224 CVE-2019-13225 CVE-2019-14553 Fri May 17 2019...
EulerOS 2.0 SP3 : glibc (EulerOS-SA-2020-1388)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by...
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c...
Oniguruma Heap Buffer Overflow Vulnerability
Oniguruma is an open source regular expression library. A buffer error vulnerability exists in str_lower_case_match in the regexec.c file in Oniguruma versions 6.9.3 and earlier used in PHP version 7.3.x and other products. The vulnerability stems from a web-based system or product that performs...
UBUNTU-CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c...
Heap overflow
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c...
CVE-2019-19246
CVE-2019-19246: Oniguruma (used in PHP 7.3.x and others) has a heap-based buffer over-read in str_lower_case_match (regexec.c). Public advisories confirm the issue affects Oniguruma up to 6.9.3 and can lead to denial of service or code execution when processing crafted regex inputs. Affected soft...
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c...
Oniguruma Integer Overflow Vulnerability
Oniguruma is a BSD-licensed regular expression library that supports multiple character encodings. An integer overflow vulnerability exists in the search_in_range function in regexec.c in Oniguruma, which can be exploited by a remote attacker to cause an out-of-bounds read via a specially crafted...