An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version.) Remote attackers can cause a denial of service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

References:
https://github.com/kkos/oniguruma/issues/164
https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2
https://github.com/tarantula-team/CVE-2019-19012
Created oniguruma tracking bugs for this issue:

Affects: epel-7 [bug 1802053]
Affects: fedora-30 [bug 1802052]
The Oniguruma library, which is only packaged in OpenShift 4.x, is the 64-bit version, which is not vulnerable to this flaw.
Upstream fix: https://github.com/kkos/oniguruma/commit/0463e21432515631a9bc925ce5eb95b097c73719
Statement: This flaw only affected 32-bit compiled versions of Oniguruma. Therefore it did not affect the following 64-bit versions:

* PHP and Ruby as shipped with Red Hat Enterprise Linux 7.
* PHP and Ruby as shipped with Red Hat Software Collections 3.
* PHP as shipped with Red Hat Enterprise Linux 8.
* OpenShift containers: openshift4/ose-metering-hadoop, openshift4/ose-metering-hive, openshift4/ose-metering-presto.
Created oniguruma tracking bugs for this issue:

Affects: openstack-rdo [bug 1814167]
(In reply to Mauro Matteo Cascella from comment #4)
> Upstream fix:
> https://github.com/kkos/oniguruma/commit/0463e21432515631a9bc925ce5eb95b097c73719

There is more than this:
https://github.com/kkos/oniguruma/commit/db64ef3189f54917a5008a02bdb000adc514a90a
https://github.com/kkos/oniguruma/commit/bfc36d3d8139b8be4d3df630d625c58687b0c7d4
https://github.com/kkos/oniguruma/commit/778a43dd56925ed58bbe26e3a7bb8202d72c3f3f
https://github.com/kkos/oniguruma/commit/b6cb7580a7e0c56fc325fe9370b9d34044910aed
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0409 https://access.redhat.com/errata/RHSA-2024:0409
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0572 https://access.redhat.com/errata/RHSA-2024:0572
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2024:0889 https://access.redhat.com/errata/RHSA-2024:0889