An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-16T15:30:47

Updated: 2024-08-05T02:02:39.918Z

Reserved: 2019-11-16T00:00:00

Link: CVE-2019-19012

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-17T18:15:11.440

Modified: 2024-11-21T04:33:59.490

Link: CVE-2019-19012

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-11-08T00:00:00Z

Links: CVE-2019-19012 - Bugzilla