Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
{ "vanir_signatures": [ { "deprecated": false, "target": { "file": "src/regparse.c" }, "source": "https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180", "digest": { "line_hashes": [ "83773733581966596482250191695387322099", "253948743243555954681020526515589090570", "54453122623844714737981798310680447964", "69052974475707393895454743329514571701", "43937559343073922495853667109362398329", "294396940348117455125023412336490760560", "125644450960807103806811622442179669997", "95117248718443094578883112649363975969", "149325913195893320588850542248920711865", "94136602293338500756127595133565595811", "62145942553799436534597834056911829402", "163097809115273070675254802152187356158", "133490182317761987383427915924422702546", "269173438651762715530763179731423244953", "252838131286158902064653891793653666137", "187340575856648788820186573299107606421" ], "threshold": 0.9 }, "id": "CVE-2019-16163-86d066bf", "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "target": { "function": "parse_exp", "file": "src/regparse.c" }, "source": "https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180", "digest": { "function_hash": "327841194772422318463400507163939334986", "length": 7812.0 }, "id": "CVE-2019-16163-9fb885ac", "signature_version": "v1", "signature_type": "Function" } ] }