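An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version.) Remote attackers can cause a denial of service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. Note that both signatures below target harnesses/encode-harness.c (the LLVMFuzzerTestOneInput fuzz harness) rather than regexec.c, so a match presumably indicates that the pre-fix harness source is present and should be confirmed against regexec.c before a tree is treated as vulnerable.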
{ "vanir_signatures": [ { "id": "CVE-2019-19012-563c27e4", "signature_type": "Line", "target": { "file": "harnesses/encode-harness.c" }, "digest": { "line_hashes": [ "18679750778586343771741350755993589288", "103368106136942227172244566078932066273", "257727887412231991059145261695986113402", "99731926145027407046045989165921264745", "173237864390474915165548571384207574271", "290228417168798604629944627181754726158", "215947174697766211659352546659917433609", "174440583955296606380940663435750254051", "250394807291303202205505094138654332177" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/kkos/oniguruma/commit/681824e81bb5fc9bbd4dfbe7a07135337129537e" }, { "id": "CVE-2019-19012-718d8559", "signature_type": "Function", "target": { "file": "harnesses/encode-harness.c", "function": "LLVMFuzzerTestOneInput" }, "digest": { "function_hash": "267334844810435515714121622196231420596", "length": 2816.0 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/kkos/oniguruma/commit/681824e81bb5fc9bbd4dfbe7a07135337129537e" } ] }