CVE-2019-13225
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-13225
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13225.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-13225
- Downstream
- Related
- Published
- 2019-07-10T14:15:11Z
- Modified
- 2025-10-13T08:14:43.582623Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
- References
-
- https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
- https://security.gentoo.org/glsa/201911-03
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW/
Affected packages
Git / github.com/kkos/oniguruma
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kkos/oniguruma
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v5.*
v5.9.6
v6.*
v6.0.0
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.2.0
v6.3.0
v6.4.0
v6.5.0
v6.6.0
v6.6.1
v6.7.0
v6.7.1
v6.8.0
v6.8.1
v6.8.2
v6.9.0
v6.9.1
v6.9.2
v6.9.2_rc1
v6.9.2_rc2
v6.9.2_rc3
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c",
"deprecated": false,
"id": "CVE-2019-13225-2b85bd8b",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"85141731386316851965725583353761852847",
"204595937784327686332058629384380229674",
"319247688735767608892947998935321169709",
"241674881094433395339525784506746142782",
"254990912557451104883114518374002790439",
"64454262332086805412704828737206622359",
"236140884305776523355892540789865807574",
"153336709126352052758112735148905899679",
"31377849021423607495904267593121150756",
"238769940960044662172765831089931524544",
"81098403367417136783006037704082788478",
"51827213460557364345719534556334902980",
"191418956654247562735926728659014972090",
"115988239015902885453971979046210904656",
"204180771395020458451583621508510201132",
"199645093322366396782428046900108468049",
"153111474359541123152405185688874873236",
"208669678462544222830419350908637931312",
"293828640975033680040692157692155978758",
"177700100071828633901527881869930075299",
"74837920887297519773133792580998496808"
]
},
"target": {
"file": "src/regcomp.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c",
"deprecated": false,
"id": "CVE-2019-13225-a8853a59",
"signature_type": "Function",
"digest": {
"length": 2277.0,
"function_hash": "136352198404887022080578989389975003742"
},
"target": {
"file": "src/regcomp.c",
"function": "compile_length_bag_node"
}
},
{
"signature_version": "v1",
"source": "https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c",
"deprecated": false,
"id": "CVE-2019-13225-e8f9d8ee",
"signature_type": "Function",
"digest": {
"length": 2316.0,
"function_hash": "186066642544576952066181731115535465672"
},
"target": {
"file": "src/regcomp.c",
"function": "compile_bag_node"
}
}
]
}