cve/2019/CVE-2019-19246.md

CVE-2019-19246

Description

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

POC

Reference

No PoCs from references.

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/balabit-deps/balabit-os-8-libonig
• https://github.com/balabit-deps/balabit-os-9-libonig
• https://github.com/deepin-community/libonig
• https://github.com/kkos/oniguruma
• https://github.com/onivim/esy-oniguruma
• https://github.com/winlibs/oniguruma