cve/CVE-2019-13224.md at 4024663e83c70ac127726b49919178f8121c5338

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ForAllSecure/VulnerabilitiesLab
https://github.com/balabit-deps/balabit-os-8-libonig
https://github.com/balabit-deps/balabit-os-9-libonig
https://github.com/deepin-community/libonig
https://github.com/kkos/oniguruma
https://github.com/onivim/esy-oniguruma
https://github.com/winlibs/oniguruma

1.2 KiB Raw Blame History

CVE-2019-13224

Description

POC

Reference

Github

1.2 KiB

Raw Blame History