ManhNDd/CVE-2019-19204

Releases0

Stars3

Heap-buffer-overflow in Oniguruma (function fetch_interval_quantifier)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-19204 ↗	Nov 21, 2019Thursday, 21 November 2019, 21:15	7.5 HIGH	5 MEDIUM
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.