Upstream information

CVE-2019-19012 at MITRE


An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1156984 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • libonig5 >=
  • oniguruma-devel >=
openSUSE Tumbleweed GA libonig5-

SUSE Timeline for this CVE

CVE page created: Fri Oct 7 12:50:18 2022
CVE page last modified: Fri Oct 7 12:50:18 2022