Home

CVE-2019-13225

Description

A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.134

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2020:4827) oniguruma security update oniguruma-6.8.2-2.el8.i686.rpmLinux
(RHSA-2020:4827) oniguruma security update oniguruma-6.8.2-2.el8.x86_64.rpmLinux
(RHSA-2020:4827) oniguruma security update oniguruma-debugsource-6.8.2-2.el8.i686.rpmLinux
(RHSA-2020:4827) oniguruma security update oniguruma-debugsource-6.8.2-2.el8.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update apcu-panel-5.1.17-1.module+el8.1.0+3189+a1bff096.noarch.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-debugsource-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-devel-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-tools-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update libzip-tools-debuginfo-1.5.2-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-bcmath-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-bcmath-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-cli-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-cli-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-common-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-common-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-dba-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-dba-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-dbg-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-dbg-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-debugsource-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-devel-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-embedded-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-embedded-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-enchant-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-enchant-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-fpm-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-fpm-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-gd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-gd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-gmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-gmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-intl-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-intl-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-json-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-json-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-ldap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-ldap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-mbstring-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-mbstring-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-mysqlnd-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-mysqlnd-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-odbc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-odbc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-opcache-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-opcache-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pdo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pdo-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pear-1.10.9-1.module+el8.1.0+3189+a1bff096.noarch.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-apcu-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-apcu-debuginfo-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-apcu-debugsource-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-rrd-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-rrd-debuginfo-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-rrd-debugsource-2.0.1-1.module+el8.2.0+4968+1d5097db.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-xdebug-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-xdebug-debuginfo-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-xdebug-debugsource-2.8.0-1.module+el8.2.0+4968+1d5097db.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-zip-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-zip-debuginfo-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pecl-zip-debugsource-1.15.4-1.module+el8.1.0+3189+a1bff096.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pgsql-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-pgsql-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-process-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-process-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-recode-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-recode-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-snmp-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-snmp-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-soap-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-soap-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-xml-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-xml-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-xmlrpc-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:3662)Moderate: security, bug fix, and enhancement update php-xmlrpc-debuginfo-7.3.20-1.module+el8.2.0+7373+b272fdef.x86_64.rpmLinux
(RHSA-2020:4827)Moderate: security update oniguruma-debuginfo-6.8.2-2.el8.i686.rpmLinux
(RHSA-2020:4827)Moderate: security update oniguruma-debuginfo-6.8.2-2.el8.x86_64.rpmLinux
php:7.3 security, bug fix, and enhancement update (RLSA-2020:3662) php-recode-7.3.20-1.module+el8.4.0+414+2e7afcdd.x86_64.rpmLinux
oniguruma security update (RLSA-2020:4827) oniguruma-6.8.2-2.el8.i686.rpmLinux
oniguruma security update (RLSA-2020:4827) oniguruma-6.8.2-2.el8.x86_64.rpmLinux
SUSE-SU-2024:2401-1(Basesystem Module 15-SP6) libonig4-debuginfo-6.7.0-150000.3.6.1.x86_64.rpmLinux
SUSE-SU-2024:2401-1(Basesystem Module 15-SP5) libonig4-debuginfo-6.7.0-150000.3.6.1.x86_64.rpmLinux
SUSE-SU-2024:2401-1(Basesystem Module 15-SP6) libonig4-6.7.0-150000.3.6.1.x86_64.rpmLinux
SUSE-SU-2024:2401-1(Basesystem Module 15-SP5) libonig4-6.7.0-150000.3.6.1.x86_64.rpmLinux
SUSE-SU-2024:2401-1(Basesystem Module 15-SP6) oniguruma-devel-6.7.0-150000.3.6.1.x86_64.rpmLinux
SUSE-SU-2024:2401-1(Basesystem Module 15-SP5) oniguruma-devel-6.7.0-150000.3.6.1.x86_64.rpmLinux
SUSE-SU-2024:2401-1(Basesystem Module 15-SP6) oniguruma-debugsource-6.7.0-150000.3.6.1.x86_64.rpmLinux
SUSE-SU-2024:2401-1(Basesystem Module 15-SP5) oniguruma-debugsource-6.7.0-150000.3.6.1.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update apcu-panel-5.1.17-1.module_el8.3.0+2009+b272fdef.noarch.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-bcmath-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-cli-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-common-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-dba-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-dbg-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-devel-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-embedded-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-enchant-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-fpm-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-gd-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-gmp-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-intl-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-json-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-ldap-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-mbstring-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-mysqlnd-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-odbc-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-opcache-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-pdo-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-pear-1.10.9-1.module_el8.3.0+2009+b272fdef.noarch.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-pecl-apcu-5.1.17-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-pecl-apcu-devel-5.1.17-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-pecl-xdebug-2.8.0-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-pecl-zip-1.15.4-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-pgsql-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-process-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-recode-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-snmp-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-soap-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-xml-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update php-xmlrpc-7.3.20-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update libzip-1.5.2-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update libzip-devel-1.5.2-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux
Moderate: php:7.3 security, bug fix, and enhancement update libzip-tools-1.5.2-1.module_el8.3.0+2009+b272fdef.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234