Lucene search
Veracode Vulnerability DatabaseVERACODE:21513HistorySep 13, 2019 - 6:32 a.m.
Denial Of Service (DoS)
2019-09-1306:32:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.004 Low
EPSS
Percentile
74.4%
Oniguruma is vulnerable to denial of service (DoS). The vulnerability exists in parse_exp function in regparse.c because the leading to a stack exhaustion not properly sanitized which allows an attacker to cause a crash generate malicious traffic into the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libonig.so | le | 5.0.0 | |
| libonig.so | le | 5.0.0 |
References
github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180
github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3
github.com/kkos/oniguruma/issues/147
lists.debian.org/debian-lts-announce/2019/09/msg00010.html
lists.fedoraproject.org/archives/list/[email protected]/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/
lists.fedoraproject.org/archives/list/[email protected]/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/
usn.ubuntu.com/4460-1/
Related
nessus
nessus
Debian DLA-1918-1 : libonig security update
2019-09-16 00:00:00
Fedora 30 : oniguruma (2019-e4819c6510)
2019-11-21 00:00:00
Fedora 29 : oniguruma (2019-6a931c8eec)
2019-11-21 00:00:00
debiancve
debiancve
CVE-2019-16163
2019-09-09 17:15:13
openvas
openvas
Debian: Security Advisory (DLA-1918-1)
2019-09-13 00:00:00
Fedora Update for oniguruma FEDORA-2019-e4819c6510
2019-11-21 00:00:00
Fedora Update for oniguruma FEDORA-2019-6a931c8eec
2019-11-21 00:00:00
debian
debian
[SECURITY] [DLA 1918-1] libonig security update
2019-09-12 09:48:11
[SECURITY][DLA 2431-1] libonig security update
2020-11-05 01:29:26
cvelist
cvelist
CVE-2019-16163
2019-09-09 15:38:09
nvd
nvd
CVE-2019-16163
2019-09-09 17:15:13
redhatcve
redhatcve
CVE-2019-16163
2019-11-05 18:26:30
cve
cve
CVE-2019-16163
2019-09-09 17:15:13
prion
prion
Stack overflow
2019-09-09 17:15:00
osv
osv
libonig - security update
2019-09-12 00:00:00
CVE-2019-16163
2019-09-09 17:15:13
Moderate: oniguruma security update
2024-02-20 00:00:00
ubuntucve
ubuntucve
CVE-2019-16163
2019-09-09 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: oniguruma-6.9.1-3.fc29
2019-11-21 02:02:49
[SECURITY] Fedora 30 Update: oniguruma-6.9.2-3.fc30
2019-11-21 00:56:07
[SECURITY] Fedora 30 Update: oniguruma-6.9.2-4.fc30
2019-12-08 01:03:41
ubuntu
ubuntu
Oniguruma vulnerabilities
2020-08-17 00:00:00
Oniguruma vulnerabilities
2022-10-10 00:00:00
amazon
amazon
Medium: oniguruma
2020-01-06 23:44:00
almalinux
almalinux
Moderate: oniguruma security update
2024-02-20 00:00:00
Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
redhat
redhat
(RHSA-2024:0409) Moderate: oniguruma security update
2024-01-24 14:40:20
(RHSA-2024:0572) Moderate: oniguruma security update
2024-01-30 12:53:17
(RHSA-2024:0889) Moderate: oniguruma security update
2024-02-20 11:21:18
oraclelinux
oraclelinux
oniguruma security update
2024-02-20 00:00:00
php:7.3 security, bug fix, and enhancement update
2020-09-09 00:00:00
suse
suse
Security update for oniguruma (important)
2022-09-21 00:00:00
mageia
mageia
Updated oniguruma packages fix security vulnerabilities
2020-01-12 02:52:04
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0196
2019-12-20 00:00:00
Critical Photon OS Security Update - PHSA-2019-0196
2019-09-24 00:00:00
Critical Photon OS Security Update - PHSA-2019-0036
2019-10-23 00:00:00
rocky
rocky
php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
2023-01-06 21:25:02
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities
2024-04-24 15:52:28
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-04-11 18:19:49