Skip to main content
CVE-2019-19012 CRITICAL POC THREAT Act Now

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Oniguruma Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
9.8
EPSS
10.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy