Vulnerabilities > Oniguruma Project > Oniguruma > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-11-17 CVE-2019-19012 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker.
network
low complexity
oniguruma-project debian fedoraproject redhat CWE-190
critical
 9.8
9.8
2019-07-10 CVE-2019-13224 Use After Free vulnerability in multiple products
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression.
network
low complexity
oniguruma-project php fedoraproject debian canonical CWE-416
critical
 9.8
9.8