CVE-2019-19012 Common Vulnerabilities and Exposures

Upstream information

CVE-2019-19012 at MITRE

Description

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1156984 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Liberty Linux 8	`oniguruma >= 6.8.2-2.1.el8_9` `oniguruma-devel >= 6.8.2-2.1.el8_9`	Patchnames: RHSA-2024:0889
SUSE Linux Enterprise Micro 6.0	`libonig5 >= 6.9.8-2.8`	Patchnames: SUSE Linux Enterprise Micro 6.0 GA libonig5-6.9.8-2.8
openSUSE Tumbleweed	`libonig5 >= 6.9.7.1-1.2` `oniguruma-devel >= 6.9.7.1-1.2`	Patchnames: openSUSE-Tumbleweed-2024-11111

SUSE Timeline for this CVE

CVE page created: Fri Oct 7 12:50:18 2022
CVE page last modified: Tue Sep 3 19:14:37 2024