An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-16T15:30:47
Updated: 2024-08-05T02:02:39.918Z
Reserved: 2019-11-16T00:00:00
Link: CVE-2019-19012
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-11-17T18:15:11.440
Modified: 2023-11-07T03:07:23.687
Link: CVE-2019-19012
Redhat