Upstream information

CVE-2019-19012 at MITRE

Description

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1156984 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Liberty Linux 8
  • oniguruma >= 6.8.2-2.1.el8_9
  • oniguruma-devel >= 6.8.2-2.1.el8_9
Patchnames:
RHSA-2024:0889
SUSE Linux Enterprise Micro 6.0
  • libonig5 >= 6.9.8-2.8
Patchnames:
SUSE Linux Enterprise Micro 6.0 GA libonig5-6.9.8-2.8
SUSE Linux Enterprise Micro 6.1
  • libonig5 >= 6.9.8-slfo.1.1_1.2
Patchnames:
SUSE Linux Enterprise Micro 6.1 GA libonig5-6.9.8-slfo.1.1_1.2
openSUSE Tumbleweed
  • libonig5 >= 6.9.7.1-1.2
  • oniguruma-devel >= 6.9.7.1-1.2
Patchnames:
openSUSE-Tumbleweed-2024-11111


SUSE Timeline for this CVE

CVE page created: Fri Oct 7 12:50:18 2022
CVE page last modified: Sat Nov 23 14:09:29 2024