CVE-2019-19012 - OpenCVE

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Redhat	Enterprise Linux
Oniguruma Project	Oniguruma
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:a:oniguruma_project:oniguruma::::::::
	cpe:2.3:a:oniguruma_project:oniguruma:6.9.4:rc1::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

References

Link	Resource
https://github.com/kkos/oniguruma/issues/164	Exploit Patch Third Party Advisory
https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2	Third Party Advisory
https://github.com/tarantula-team/CVE-2019-19012	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/
https://usn.ubuntu.com/4460-1/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-16T15:30:47

Updated: 2020-08-24T13:06:06

Reserved: 2019-11-16T00:00:00

Link: CVE-2019-19012

JSON object: View

NVD Information

Status : Modified

Published: 2019-11-17T18:15:11.440

Modified: 2023-11-07T03:07:23.687

Link: CVE-2019-19012

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-24T13:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/kkos/oniguruma/issues/164"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tarantula-team/CVE-2019-19012"}, {"name": "FEDORA-2019-d942abd0d4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/"}, {"name": "[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html"}, {"name": "FEDORA-2019-73197ff9a0", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/"}, {"name": "USN-4460-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4460-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19012", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kkos/oniguruma/issues/164", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/issues/164"}, {"name": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2"}, {"name": "https://github.com/tarantula-team/CVE-2019-19012", "refsource": "MISC", "url": "https://github.com/tarantula-team/CVE-2019-19012"}, {"name": "FEDORA-2019-d942abd0d4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/"}, {"name": "[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html"}, {"name": "FEDORA-2019-73197ff9a0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/"}, {"name": "USN-4460-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4460-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19012", "datePublished": "2019-11-16T15:30:47", "dateReserved": "2019-11-16T00:00:00", "dateUpdated": "2020-08-24T13:06:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oniguruma_project:oniguruma:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBFDAD06-A3DB-4161-9B88-D384E641705B", "versionEndIncluding": "6.9.3", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oniguruma_project:oniguruma:6.9.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "0515AAEB-AD17-4E7F-91DE-D9FEC0C1602D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression."}, {"lang": "es", "value": "Un desbordamiento de enteros en la funci\u00f3n search_in_range en el archivo regexec.c en Oniguruma versiones 6.x anteriores a 6.9.4_rc2, conduce a una lectura fuera de l\u00edmites, en la que el desplazamiento de esta lectura est\u00e1 bajo el control de un atacante. (Esto solo afecta a la versi\u00f3n compilada de 32 bits). Los atacantes remotos pueden causar una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n, o posiblemente tener otro impacto no especificado, por medio de una expresi\u00f3n regular especialmente dise\u00f1ada."}], "id": "CVE-2019-19012", "lastModified": "2023-11-07T03:07:23.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-17T18:15:11.440", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/kkos/oniguruma/issues/164"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tarantula-team/CVE-2019-19012"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4460-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}