ALT-PU-2019-2956-1
Package php7-xmlrpc updated to version 7.2.23-alt1 for branch c8.1 in task 239066.
Closed vulnerabilities
Published: 2019-07-11
BDU:2020-01691
Уязвимость функции onig_new_deluxe библиотеки регулярных выражений для многобайтовых строк libonig, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и нарушить ее целостность и доступность
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-07-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
- https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
- [debian-lts-announce] 20190717 [SECURITY] [DLA 1854-1] libonig security update
- [debian-lts-announce] 20190717 [SECURITY] [DLA 1854-1] libonig security update
- FEDORA-2019-5409bb5e68
- FEDORA-2019-5409bb5e68
- FEDORA-2019-3f3d0953db
- FEDORA-2019-3f3d0953db
- GLSA-201911-03
- GLSA-201911-03
- https://support.f5.com/csp/article/K00103182
- https://support.f5.com/csp/article/K00103182
- https://support.f5.com/csp/article/K00103182?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K00103182?utm_source=f5support&%3Butm_medium=RSS
- USN-4088-1
- USN-4088-1