rhsa-2024_0572
Vulnerability from csaf_redhat
Published
2024-01-30 13:30
Modified
2024-09-16 16:51
Summary
Red Hat Security Advisory: oniguruma security update
Notes
Topic
An update for oniguruma is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Oniguruma is a regular expressions library that supports a variety of character encodings.
Security Fix(es):
* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
* oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for oniguruma is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Oniguruma is a regular expressions library that supports a variety of character encodings. \n\nSecurity Fix(es):\n\n* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n* oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012)\n\n* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0572",
"url": "https://access.redhat.com/errata/RHSA-2024:0572"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1728970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728970"
},
{
"category": "external",
"summary": "1768997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768997"
},
{
"category": "external",
"summary": "1802051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802051"
},
{
"category": "external",
"summary": "1802061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802061"
},
{
"category": "external",
"summary": "1802068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802068"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0572.json"
}
],
"title": "Red Hat Security Advisory: oniguruma security update",
"tracking": {
"current_release_date": "2024-09-16T16:51:10+00:00",
"generator": {
"date": "2024-09-16T16:51:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2024:0572",
"initial_release_date": "2024-01-30T13:30:08+00:00",
"revision_history": [
{
"date": "2024-01-30T13:30:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-30T13:30:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T16:51:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "oniguruma-0:6.8.2-2.1.el8_8.src",
"product": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.src",
"product_id": "oniguruma-0:6.8.2-2.1.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma@6.8.2-2.1.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"product": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"product_id": "oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma@6.8.2-2.1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"product": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"product_id": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debugsource@6.8.2-2.1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"product": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"product_id": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debuginfo@6.8.2-2.1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"product": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"product_id": "oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-devel@6.8.2-2.1.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"product": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"product_id": "oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma@6.8.2-2.1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"product": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"product_id": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debugsource@6.8.2-2.1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"product": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"product_id": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debuginfo@6.8.2-2.1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"product": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"product_id": "oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-devel@6.8.2-2.1.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "oniguruma-0:6.8.2-2.1.el8_8.i686",
"product": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.i686",
"product_id": "oniguruma-0:6.8.2-2.1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma@6.8.2-2.1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"product": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"product_id": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debugsource@6.8.2-2.1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"product": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"product_id": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debuginfo@6.8.2-2.1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"product": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"product_id": "oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-devel@6.8.2-2.1.el8_8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"product": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"product_id": "oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma@6.8.2-2.1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"product": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"product_id": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debugsource@6.8.2-2.1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"product": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"product_id": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debuginfo@6.8.2-2.1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"product": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"product_id": "oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-devel@6.8.2-2.1.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "oniguruma-0:6.8.2-2.1.el8_8.s390x",
"product": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.s390x",
"product_id": "oniguruma-0:6.8.2-2.1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma@6.8.2-2.1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"product": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"product_id": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debugsource@6.8.2-2.1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"product": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"product_id": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-debuginfo@6.8.2-2.1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"product": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"product_id": "oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/oniguruma-devel@6.8.2-2.1.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.src as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.src",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-0:6.8.2-2.1.el8_8.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64"
},
"product_reference": "oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64"
},
"product_reference": "oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64"
},
"product_reference": "oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
},
"product_reference": "oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13224",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728970"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "oniguruma: Use-after-free in onig_new_deluxe() in regext.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ruby versions are not affected as they used Onigmo, which is a fork of Oniguruma, instead. The Onigmo library doesn\u0027t includes the source code containing the related bug.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13224"
},
{
"category": "external",
"summary": "RHBZ#1728970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13224"
}
],
"release_date": "2019-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0572"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "oniguruma: Use-after-free in onig_new_deluxe() in regext.c"
},
{
"cve": "CVE-2019-16163",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2019-11-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1768997"
}
],
"notes": [
{
"category": "description",
"text": "Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16163"
},
{
"category": "external",
"summary": "RHBZ#1768997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16163"
}
],
"release_date": "2019-07-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0572"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c"
},
{
"cve": "CVE-2019-19012",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802051"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability leading to an out-of-bounds read was found in the way Oniguruma handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could crash the application, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affected 32-bit compiled versions of Oniguruma. Therefore it did not affect the following 64-bit versions:\n* PHP and Ruby as shipped with Red Hat Enterprise Linux 7.\n* PHP and Ruby as shipped with Red Hat Software Collections 3.\n* PHP as shipped with Red Hat Enterprise Linux 8.\n* OpenShift containers: openshift4/ose-metering-hadoop, openshift4/ose-metering-hive, openshift4/ose-metering-presto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19012"
},
{
"category": "external",
"summary": "RHBZ#1802051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802051"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19012"
}
],
"release_date": "2019-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0572"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read"
},
{
"cve": "CVE-2019-19203",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802061"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was found in the way Oniguruma handled regular expressions with GB18030 character encoding. A UChar pointer is dereferenced without checking if it passed the end of the matched string, leading to a heap-based buffer over-read. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, might crash the application causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw did not affect the versions of Oniguruma (embedded in php) as shipped with Red Hat Enterprise Linux 5, as they did not include support for GB18030 character encoding, which was introduced in a later version of the library.\n\nThe versions of Ruby as shipped with Red Hat Enterprise Linux and Red Hat Software Collections 3 do not use Oniguruma but rather Onigmo, a regular expressions library forked from Oniguruma focusing on new expressions supported in Perl 5.10+. Those versions are affected by this flaw because both Onigmo and Oniguruma share the same vulnerable code. However, Ruby does perform additional checks which prevent the vulnerable code path to be easily reached, hence lowering the severity of the flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19203"
},
{
"category": "external",
"summary": "RHBZ#1802061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802061"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19203"
}
],
"release_date": "2019-11-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0572"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c"
},
{
"cve": "CVE-2019-19204",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802068"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was found in Oniguruma in the way it handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could possibly crash the application, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19204"
},
{
"category": "external",
"summary": "RHBZ#1802068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802068"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19204"
}
],
"release_date": "2019-11-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0572"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"AppStream-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.src",
"CRB-8.8.0.Z.EUS:oniguruma-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debuginfo-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-debugsource-0:6.8.2-2.1.el8_8.x86_64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.aarch64",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.i686",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.ppc64le",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.s390x",
"CRB-8.8.0.Z.EUS:oniguruma-devel-0:6.8.2-2.1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c"
}
]
}
Loading...