Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Oniguruma
(Oniguruma_project)| Repositories | https://github.com/kkos/oniguruma |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-10 | CVE-2019-13224 | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. | Ubuntu_linux, Debian_linux, Fedora, Oniguruma, Php | 9.8 | ||
| 2019-07-10 | CVE-2019-13225 | A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. | Fedora, Oniguruma | 6.5 |