Lucene search

Veracode Vulnerability DatabaseVERACODE:27814

HistoryNov 05, 2020 - 3:18 a.m.

Denial Of Service (DoS)

2020-11-0503:18:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

oniguruma is vulnerable to denial of service. An attacker can cause a NULL pointer dereference in match_at() in regexec.c which allows an attacker to cause an application crash.

CPENameOperatorVersion
onigurumaeq6.8.2__1.el8
onigurumaeq6.8.2__1.el8

CPE	Name	Operator	Version
	oniguruma	eq	6.8.2__1.el8
	oniguruma	eq	6.8.2__1.el8

References

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

access.redhat.com/errata/RHSA-2020:4827

access.redhat.com/security/updates/classification/#moderate

github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c

lists.fedoraproject.org/archives/list/[email protected]/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5/

lists.fedoraproject.org/archives/list/[email protected]/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW/

security.gentoo.org/glsa/201911-03

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:27814