Bug 1802051 (CVE-2019-19012)
| Summary: | CVE-2019-19012 oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | anpicker, bmontgom, carl, eparis, erooth, hhorak, jburrell, jjoyce, jkucera, jokerman, jorton, jschluet, ktdreyer, lcosic, lhh, lpeer, mburns, mcascell, mtasaka, no1youknowz, nstielau, rcollet, ruby-maint, sclewis, slinaber, sponnaga, surbania, vondruch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Oniguruma 6.9.4 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An integer overflow vulnerability leading to an out-of-bounds read was found in the way Oniguruma handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could crash the application, causing a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-10-28 10:59:28 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1802053, 1802052, 1813299, 1813300, 1813301, 1814167 | ||
| Bug Blocks: | 1802075 | ||
|
Description
Dhananjay Arunesh
2020-02-12 09:30:47 UTC
Created oniguruma tracking bugs for this issue: Affects: epel-7 [bug 1802053] Affects: fedora-30 [bug 1802052] The Oniguruma library which is only packaged in OpenShift 4.x, is the 64-bit version which is not vulnerable to this flaw. Statement: This flaw only affected 32-bit compiled versions of Oniguruma. Therefore it did not affect the following 64-bit versions: * PHP and Ruby as shipped with Red Hat Enterprise Linux 7. * PHP and Ruby as shipped with Red Hat Software Collections 3. * PHP as shipped with Red Hat Enterprise Linux 8. * OpenShift containers: openshift4/ose-metering-hadoop, openshift4/ose-metering-hive, openshift4/ose-metering-presto. Created oniguruma tracking bugs for this issue: Affects: openstack-rdo [bug 1814167] (In reply to Mauro Matteo Cascella from comment #4) > Upstream fix: > https://github.com/kkos/oniguruma/commit/ > 0463e21432515631a9bc925ce5eb95b097c73719 There is more than this: https://github.com/kkos/oniguruma/commit/db64ef3189f54917a5008a02bdb000adc514a90a https://github.com/kkos/oniguruma/commit/bfc36d3d8139b8be4d3df630d625c58687b0c7d4 https://github.com/kkos/oniguruma/commit/778a43dd56925ed58bbe26e3a7bb8202d72c3f3f https://github.com/kkos/oniguruma/commit/b6cb7580a7e0c56fc325fe9370b9d34044910aed This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0409 https://access.redhat.com/errata/RHSA-2024:0409 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:0572 https://access.redhat.com/errata/RHSA-2024:0572 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0889 https://access.redhat.com/errata/RHSA-2024:0889 |