Oniguruma Security Vulnerabilities and Issues — Oniguruma CVE List

Lucene search

Oniguruma ProjectOniguruma

5 matches found

CVE•added 2019/11/25 5:15 p.m.•340 views

CVE-2019-19246

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

7.5CVSS8.5AI score0.00267EPSS

CVE•added 2019/11/21 9:15 p.m.•281 views

CVE-2019-19203

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

7.5CVSS8.3AI score0.01147EPSS

CVE•added 2019/09/09 5:15 p.m.•255 views

CVE-2019-16163

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

7.5CVSS8.4AI score0.00087EPSS

CVE•added 2017/05/24 3:29 p.m.•204 views

CVE-2017-9229

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid poin...

7.5CVSS8.5AI score0.00276EPSS

CVE•added 2019/11/21 9:15 p.m.•189 views

CVE-2019-19204

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.

7.5CVSS8.4AI score0.11189EPSS