CVE-2019-19012 Common Vulnerabilities and Exposures

Upstream information

CVE-2019-19012 at MITRE

Description

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1156984 [RESOLVED / INVALID]

SUSE Security Advisories:

RHSA-2025:7539, published Sun May 18 15:06:16 UTC 2025

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Liberty Linux 8	`oniguruma >= 6.8.2-2.1.el8_9` `oniguruma-devel >= 6.8.2-2.1.el8_9` `ruby >= 2.5.9-114.module+el8.10.0+23088+750dc6ca` `ruby-devel >= 2.5.9-114.module+el8.10.0+23088+750dc6ca` `ruby-doc >= 2.5.9-114.module+el8.10.0+23088+750dc6ca` `ruby-irb >= 2.5.9-114.module+el8.10.0+23088+750dc6ca` `ruby-libs >= 2.5.9-114.module+el8.10.0+23088+750dc6ca` `rubygem-abrt >= 0.3.0-4.module+el8.10.0+22021+135c76a8` `rubygem-abrt-doc >= 0.3.0-4.module+el8.10.0+22021+135c76a8` `rubygem-bigdecimal >= 1.3.4-114.module+el8.10.0+23088+750dc6ca` `rubygem-bson >= 4.3.0-2.module+el8.9.0+19193+435404ae` `rubygem-bson-doc >= 4.3.0-2.module+el8.9.0+19193+435404ae` `rubygem-bundler >= 1.16.1-5.module+el8.10.0+23088+750dc6ca` `rubygem-bundler-doc >= 1.16.1-5.module+el8.10.0+23088+750dc6ca` `rubygem-did_you_mean >= 1.2.0-114.module+el8.10.0+23088+750dc6ca` `rubygem-io-console >= 0.4.6-114.module+el8.10.0+23088+750dc6ca` `rubygem-json >= 2.1.0-114.module+el8.10.0+23088+750dc6ca` `rubygem-minitest >= 5.10.3-114.module+el8.10.0+23088+750dc6ca` `rubygem-mongo >= 2.5.1-2.module+el8.9.0+19193+435404ae` `rubygem-mongo-doc >= 2.5.1-2.module+el8.9.0+19193+435404ae` `rubygem-mysql2 >= 0.4.10-4.module+el8.9.0+19193+435404ae` `rubygem-mysql2-doc >= 0.4.10-4.module+el8.9.0+19193+435404ae` `rubygem-net-telnet >= 0.1.1-114.module+el8.10.0+23088+750dc6ca` `rubygem-openssl >= 2.1.2-114.module+el8.10.0+23088+750dc6ca` `rubygem-pg >= 1.0.0-3.module+el8.9.0+19193+435404ae` `rubygem-pg-doc >= 1.0.0-3.module+el8.9.0+19193+435404ae` `rubygem-power_assert >= 1.1.1-114.module+el8.10.0+23088+750dc6ca` `rubygem-psych >= 3.0.2-114.module+el8.10.0+23088+750dc6ca` `rubygem-rake >= 12.3.3-114.module+el8.10.0+23088+750dc6ca` `rubygem-rdoc >= 6.0.1.1-114.module+el8.10.0+23088+750dc6ca` `rubygem-test-unit >= 3.2.7-114.module+el8.10.0+23088+750dc6ca` `rubygem-xmlrpc >= 0.3.0-114.module+el8.10.0+23088+750dc6ca` `rubygems >= 2.7.6.3-114.module+el8.10.0+23088+750dc6ca` `rubygems-devel >= 2.7.6.3-114.module+el8.10.0+23088+750dc6ca`	Patchnames: RHSA-2024:0889 RHSA-2025:7539
SUSE Linux Micro 6.0	`libonig5 >= 6.9.8-2.8`	Patchnames: SUSE Linux Micro 6.0 GA libonig5-6.9.8-2.8
SUSE Linux Micro 6.1	`libonig5 >= 6.9.8-slfo.1.1_1.2`	Patchnames: SUSE Linux Micro 6.1 GA libonig5-6.9.8-slfo.1.1_1.2
openSUSE Tumbleweed	`libonig5 >= 6.9.7.1-1.2` `oniguruma-devel >= 6.9.7.1-1.2`	Patchnames: openSUSE-Tumbleweed-2024-11111

SUSE Timeline for this CVE

CVE page created: Fri Oct 7 12:50:18 2022
CVE page last modified: Sun May 18 19:36:14 2025