An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-21T20:06:47

Updated: 2024-08-05T02:09:39.457Z

Reserved: 2019-11-21T00:00:00

Link: CVE-2019-19204

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-21T21:15:11.577

Modified: 2024-11-21T04:34:19.407

Link: CVE-2019-19204

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-11-06T00:00:00Z

Links: CVE-2019-19204 - Bugzilla