Multiple vulnerabilities in Oniguruma



Published: 2019-11-18 | Updated: 2019-11-29
Risk High
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2019-19012
CVE-2019-19204
CVE-2019-19203
CVE-2019-19246
CWE-ID CWE-190
CWE-126
CWE-125
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe
Oniguruma
Universal components / Libraries / Libraries used by multiple products

Vendor K.Kosako

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

Updated 22.11.2019
Added vulnerabilities #2,3
Updated 29.11.2019
Added vulnerability #4, updated list of fixed software versions.

1) Integer overflow

EUVDB-ID: #VU22814

Risk: High

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-19012

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to integer overflow in the "search_in_range" function in "regexec.c". A remote attacker can use a specially crafted regular expression, trigger out-of-bounds read and cause a denial-of-service or information disclosure on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oniguruma: 6.0.0 - 6.9.4 rc1

External links

http://github.com/kkos/oniguruma/issues/164
http://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Buffer Over-read

EUVDB-ID: #VU22933

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-19204

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the "fetch_interval_quantifier" function (formerly known as fetch_range_quantifier) in "regparse.c" file due to the PFETCH is called without checking PEND. A remote attacker can cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oniguruma: 6.0.0 - 6.9.4 rc1

External links

http://github.com/kkos/oniguruma/issues/162
http://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Buffer Over-read

EUVDB-ID: #VU22932

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-19203

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the "gb18030_mbc_enc_len" function in "gb18030.c" file due to the UChar pointer is dereferenced without checking if it passed the end of the matched string. A remote attacker can cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oniguruma: 6.0.0 - 6.9.4 rc1

External links

http://github.com/kkos/oniguruma/issues/163
http://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Out-of-bounds read

EUVDB-ID: #VU23097

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19246

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in str_lower_case_match in regexec.c, if used with PPH 7.3. A remote attacker can perform a denial of service attack or gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oniguruma: 6.9.0 - 6.9.3

External links

http://bugs.php.net/bug.php?id=78559
http://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###