CVE-2019-13224
Description
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.548
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update apcu-panel-5.1.17-1.module+el8.1.0+3189+a1bff096.noarch.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pear-1.10.9-1.module+el8.1.0+3189+a1bff096.noarch.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| (RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpm | Linux |
| SUSE-SU-2022:3327-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libonig4-6.7.0-150000.3.3.1.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2022:3327-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) oniguruma-devel-6.7.0-150000.3.3.1.x86_64_15_SP3.rpm | Linux |
| (RHSA-2024:0889)Moderate: security update oniguruma-6.8.2-2.1.el8_9.i686.rpm | Linux |
| (RHSA-2024:0889)Moderate: security update oniguruma-6.8.2-2.1.el8_9.x86_64.rpm | Linux |
| (RHSA-2024:0889)Moderate: security update oniguruma-debuginfo-6.8.2-2.1.el8_9.i686.rpm | Linux |
| (RHSA-2024:0889)Moderate: security update oniguruma-debuginfo-6.8.2-2.1.el8_9.x86_64.rpm | Linux |
| (RHSA-2024:0889)Moderate: security update oniguruma-debugsource-6.8.2-2.1.el8_9.i686.rpm | Linux |
| (RHSA-2024:0889)Moderate: security update oniguruma-debugsource-6.8.2-2.1.el8_9.x86_64.rpm | Linux |
| Oniguruma update (ELSA-2024-0889) oniguruma-6.8.2-2.1.el8_9.i686.rpm | Linux |
| Oniguruma update (ELSA-2024-0889) oniguruma-6.8.2-2.1.el8_9.x86_64.rpm | Linux |
| php:7.3 security, bug fix, and enhancement update (RLSA-2020:3662) php-recode-7.3.20-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update apcu-panel-5.1.17-1.module_el8.3.0+2009+b272fdef.noarch.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-bcmath-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-cli-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-common-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-dba-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-dbg-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-devel-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-embedded-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-enchant-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-fpm-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-gd-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-gmp-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-intl-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-json-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-ldap-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-mbstring-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-mysqlnd-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-odbc-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-opcache-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-pdo-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-pear-1.10.9-1.module_el8.3.0+2009+b272fdef.noarch.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-pecl-apcu-5.1.17-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-pecl-apcu-devel-5.1.17-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-pecl-xdebug-2.8.0-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-pecl-zip-1.15.4-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-pgsql-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-process-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-recode-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-snmp-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-soap-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-xml-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update php-xmlrpc-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update libzip-1.5.2-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update libzip-devel-1.5.2-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Moderate: php:7.3 security, bug fix, and enhancement update libzip-tools-1.5.2-1.module_el8.3.0+2009+b272fdef.x86_64.rpm | Linux |
| Use After Free Vulnerability (CVE-2019-13224) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234