CVE-2019-19012

2019-11-17T00:00:00
ID UB:CVE-2019-19012
Type ubuntucve
Reporter ubuntu.com
Modified 2019-11-17T00:00:00

Description

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

Bugs

  • <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944959>