Upstream information

CVE-2019-19012 at MITRE

Description

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1156984 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Liberty Linux 8
  • oniguruma >= 6.8.2-2.1.el8_9
  • oniguruma-devel >= 6.8.2-2.1.el8_9
Patchnames:
RHSA-2024:0889
openSUSE Tumbleweed
  • libonig5 >= 6.9.7.1-1.2
  • oniguruma-devel >= 6.9.7.1-1.2
Patchnames:
openSUSE Tumbleweed GA libonig5-6.9.7.1-1.2


SUSE Timeline for this CVE

CVE page created: Fri Oct 7 12:50:18 2022
CVE page last modified: Mon Feb 26 19:35:36 2024