{ "schema_version": "1.6.2", "id": "MGASA-2020-0029", "published": "2020-01-11T23:52:04Z", "modified": "2020-01-11T23:31:05Z", "summary": "Updated oniguruma packages fix security vulnerabilities", "details": "Updated oniguruma packages fix security vulnerabilities:\n\nA use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2\nallows attackers to potentially cause information disclosure, denial\nof service, or possibly code execution by providing a crafted regular\nexpression. The attacker provides a pair of a regex pattern and a string,\nwith a multi-byte encoding that gets handled by onig_new_deluxe()\n(CVE-2019-13224).\n\nA NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2\nallows attackers to potentially cause denial of service by providing a\ncrafted regular expression (CVE-2019-13225).\n\nOniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of\nrecursion in regparse.c (CVE-2019-16163).\n\nAn integer overflow in the search_in_range function in regexec.c leads to\nan out-of-bounds read, in which the offset of this read is under the\ncontrol of an attacker. (This only affects the 32-bit compiled version).\nRemote attackers can cause a denial-of-service or information disclosure,\nor possibly have unspecified other impact, via a crafted regular expression\n(CVE-2019-19012).\n\nAn issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function\ngb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced\nwithout checking if it passed the end of the matched string. This leads to\na heap-based buffer over-read (CVE-2019-19203).\n\nIn the function fetch_range_quantifier in regparse.c, PFETCH is called\nwithout checking PEND. This leads to a heap-based buffer over-read and\nlead to denial-of-service via a crafted regular expression\n(CVE-2019-19204).\n\nHeap-based buffer over-read in str_lower_case_match in regexec.c can lead\nto denial-of-service via a crafted regular expression (CVE-2019-19246).\n", "related": [ "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19012", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2020-0029.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=25843" }, { "type": "REPORT", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW/" }, { "type": "REPORT", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/" }, { "type": "REPORT", "url": "https://www.debian.org/lts/security/2019/dla-2020" }, { "type": "REPORT", "url": "https://security-tracker.debian.org/tracker/CVE-2019-19203" }, { "type": "REPORT", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" } ], "affected": [ { "package": { "ecosystem": "Mageia:7", "name": "oniguruma", "purl": "pkg:rpm/mageia/oniguruma?arch=source&distro=mageia-7" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "6.9.4-1.mga7" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }