
Search CVE reports



1 – 10 of 13 results


CVE-2019-19246

Medium priority

Some fixes available 3 of 5

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

1 affected package

libonig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Not affected Not affected Fixed Fixed

CVE-2019-19204

Medium priority

Some fixes available 3 of 5

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based...

1 affected package

libonig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Not affected Not affected Fixed Fixed

CVE-2019-19203

Medium priority

Some fixes available 3 of 5

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a...

1 affected package

libonig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Not affected Not affected Fixed Fixed

CVE-2019-19012

Medium priority

Some fixes available 3 of 5

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit...

1 affected package

libonig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Not affected Not affected Fixed Fixed

CVE-2019-16163

Medium priority

Some fixes available 3 of 5

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

1 affected package

libonig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Not affected Not affected Fixed Fixed

CVE-2019-13225

Medium priority

Some fixes available 1 of 2

A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common...

1 affected package

libonig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Not affected Not affected

CVE-2019-13224

Medium priority

Some fixes available 15 of 39

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression....

8 affected packages

groonga, libevhtp, libonig, mudlet, php5...

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
groonga | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable
libevhtp | Not affected | Not affected | Not affected | Not affected | Vulnerable
libonig | Fixed | Fixed | Fixed | Fixed | Fixed
mudlet | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable
php5 | Not in release | Not in release | Not in release | Not in release | Not in release
php7.0 | Not in release | Not in release | Not in release | Not in release | Not affected
php7.2 | Not in release | Not in release | Not in release | Not affected | Not in release
php7.3 | Not in release | Not in release | Not in release | Not in release | Not in release

CVE-2017-9225

Medium priority

Some fixes available 1 of 3

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during...

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Fixed Not affected
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.1 Not in release Not in release

CVE-2017-9229

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of...

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.1 Not in release Not in release

CVE-2017-9228

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an...

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.1 Not in release Not in release