9.8
CVE-2019-19012
- EPSS 14.78%
- Published 17.11.2019 18:15:11
- Last modified 21.11.2024 04:33:59
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
Data is provided by the National Vulnerability Database (NVD)
Oniguruma Project ≫ Oniguruma Version >= 6.0.0 <= 6.9.3
Oniguruma Project ≫ Oniguruma Version6.9.4 Updaterc1
Debian ≫ Debian Linux Version8.0
Fedoraproject ≫ Fedora Version30
Fedoraproject ≫ Fedora Version31
Redhat ≫ Enterprise Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.78% | 0.943 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.