ALAS-2019-1295ID: oval:org.secpod.oval:def:1601064 | Date: (C)2019-10-04 (M)2024-02-19 |
Class: PATCH | Family: unix |
A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. A NULL Pointer Dereference in match_at in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust
Platform: |
Amazon Linux AMI |