SUSE update for oniguruma



Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2019-13224
CVE-2019-16163
CVE-2019-19203
CVE-2019-19204
CVE-2019-19246
CVE-2020-26159
CWE-ID CWE-416
CWE-400
CWE-126
CWE-125
CWE-787
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Vulnerable software
 openSUSE Leap Micro
Operating systems & Components / Operating system

SUSE Enterprise Storage
Operating systems & Components / Operating system

SUSE Manager Retail Branch Server
Operating systems & Components / Operating system

SUSE Linux Enterprise Storage
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Proxy
Operating systems & Components / Operating system

SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Basesystem
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop
Operating systems & Components / Operating system

SUSE CaaS Platform
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications
Operating systems & Components / Operating system

oniguruma-devel
Operating systems & Components / Operating system package or component

oniguruma-debugsource
Operating systems & Components / Operating system package or component

libonig4-debuginfo
Operating systems & Components / Operating system package or component

libonig4
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU20904

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-13224

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the onig_new_deluxe() function in regext.c in Oniguruma library when processing regular expressions. A remote attacker can pass specially crafted input to the application using the vulnerable library version, trigger use-after-free error and perform denial of service attack or execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected package oniguruma to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 6 - 7.1

SUSE Manager Retail Branch Server: 4.1 - 4.3

SUSE Linux Enterprise Storage: 7.1

SUSE Manager Server: 4.1 - 4.3

SUSE Manager Proxy: 4.1 - 4.3

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP4

SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP4

SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.3 - 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

oniguruma-devel: before 6.7.0-150000.3.3.1

oniguruma-debugsource: before 6.7.0-150000.3.3.1

libonig4-debuginfo: before 6.7.0-150000.3.3.1

libonig4: before 6.7.0-150000.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2022/suse-su-20223327-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU30789

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-16163

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

Mitigation

Update the affected package oniguruma to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 6 - 7.1

SUSE Manager Retail Branch Server: 4.1 - 4.3

SUSE Linux Enterprise Storage: 7.1

SUSE Manager Server: 4.1 - 4.3

SUSE Manager Proxy: 4.1 - 4.3

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP4

SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP4

SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.3 - 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

oniguruma-devel: before 6.7.0-150000.3.3.1

oniguruma-debugsource: before 6.7.0-150000.3.3.1

libonig4-debuginfo: before 6.7.0-150000.3.3.1

libonig4: before 6.7.0-150000.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2022/suse-su-20223327-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer Over-read

EUVDB-ID: #VU22932

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2019-19203

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the "gb18030_mbc_enc_len" function in "gb18030.c" file due to the UChar pointer is dereferenced without checking if it passed the end of the matched string. A remote attacker can cause a denial of service condition on the target system.

Mitigation

Update the affected package oniguruma to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 6 - 7.1

SUSE Manager Retail Branch Server: 4.1 - 4.3

SUSE Linux Enterprise Storage: 7.1

SUSE Manager Server: 4.1 - 4.3

SUSE Manager Proxy: 4.1 - 4.3

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP4

SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP4

SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.3 - 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

oniguruma-devel: before 6.7.0-150000.3.3.1

oniguruma-debugsource: before 6.7.0-150000.3.3.1

libonig4-debuginfo: before 6.7.0-150000.3.3.1

libonig4: before 6.7.0-150000.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2022/suse-su-20223327-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Buffer Over-read

EUVDB-ID: #VU22933

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2019-19204

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the "fetch_interval_quantifier" function (formerly known as fetch_range_quantifier) in "regparse.c" file due to the PFETCH is called without checking PEND. A remote attacker can cause a denial of service condition on the target system.

Mitigation

Update the affected package oniguruma to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 6 - 7.1

SUSE Manager Retail Branch Server: 4.1 - 4.3

SUSE Linux Enterprise Storage: 7.1

SUSE Manager Server: 4.1 - 4.3

SUSE Manager Proxy: 4.1 - 4.3

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP4

SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP4

SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.3 - 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

oniguruma-devel: before 6.7.0-150000.3.3.1

oniguruma-debugsource: before 6.7.0-150000.3.3.1

libonig4-debuginfo: before 6.7.0-150000.3.3.1

libonig4: before 6.7.0-150000.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2022/suse-su-20223327-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Out-of-bounds read

EUVDB-ID: #VU23097

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-19246

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in str_lower_case_match in regexec.c, if used with PPH 7.3. A remote attacker can perform a denial of service attack or gain access to sensitive information.

Mitigation

Update the affected package oniguruma to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 6 - 7.1

SUSE Manager Retail Branch Server: 4.1 - 4.3

SUSE Linux Enterprise Storage: 7.1

SUSE Manager Server: 4.1 - 4.3

SUSE Manager Proxy: 4.1 - 4.3

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP4

SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP4

SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.3 - 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

oniguruma-devel: before 6.7.0-150000.3.3.1

oniguruma-debugsource: before 6.7.0-150000.3.3.1

libonig4-debuginfo: before 6.7.0-150000.3.3.1

libonig4: before 6.7.0-150000.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2022/suse-su-20223327-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU47647

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-26159

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .

Mitigation

Update the affected package oniguruma to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 6 - 7.1

SUSE Manager Retail Branch Server: 4.1 - 4.3

SUSE Linux Enterprise Storage: 7.1

SUSE Manager Server: 4.1 - 4.3

SUSE Manager Proxy: 4.1 - 4.3

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP4

SUSE Linux Enterprise Module for Basesystem: 15-SP3 - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP4

SUSE Linux Enterprise Desktop: 15-SP3 - 15-SP4

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.3 - 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

oniguruma-devel: before 6.7.0-150000.3.3.1

oniguruma-debugsource: before 6.7.0-150000.3.3.1

libonig4-debuginfo: before 6.7.0-150000.3.3.1

libonig4: before 6.7.0-150000.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2022/suse-su-20223327-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###