mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 09:41:05 +00:00
25 lines
1.2 KiB
Markdown
25 lines
1.2 KiB
Markdown
|
### [CVE-2019-13224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
No PoCs from references.
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/ForAllSecure/VulnerabilitiesLab
|
||
|
|
- https://github.com/balabit-deps/balabit-os-8-libonig
|
||
|
|
- https://github.com/balabit-deps/balabit-os-9-libonig
|
||
|
|
- https://github.com/deepin-community/libonig
|
||
|
|
- https://github.com/kkos/oniguruma
|
||
|
|
- https://github.com/onivim/esy-oniguruma
|
||
|
|
- https://github.com/winlibs/oniguruma
|
||
|
|
|