user/php7: multiple vulnerabilities
Bugzilla ID | 194 |
Alias(es) | CVE-2019-11043, CVE-2019-11044, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11050, CVE-2020-7059, CVE-2020-7060 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-09-09 16:31:40 -0500 |
Modified | 2020-04-19 00:53:10 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA4 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13224 |
See also | https://bts.adelielinux.org/show_bug.cgi?id=155 |
Description
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2
allows attackers to potentially cause information disclosure, denial
of service, or possibly code execution by providing a crafted regular
expression. The attacker provides a pair of a regex pattern and a
string, with a multi-byte encoding that gets handled by
onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as
common optional libraries for PHP and Rust.
Already fixed in oniguruma >= 6.9.3: https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
Fixed in php7, unreleased in the 7.2 branch: https://github.com/php/php-src/commit/087cb7bab2bc0b9673545b9559db21ea38832ab3
Note that CVE-2019-13225 (already fixed in oniguruma >= 6.9.3: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c) does not apply to php7, since it appears the vulnerable code is not present. https://bugs.php.net/bug.php?id=78380
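The report above gives a version boundary (Oniguruma >= 6.9.3 carries the onig_new_deluxe() fix) but notes that the php7 7.2 branch got the fix as an unreleased source commit, so the library version a build reports is not by itself proof of exposure. The script below is an added example, not code from this bug report, from PHP or from Oniguruma: it reads the Oniguruma version that `php -i` prints in its mbstring section and compares it against 6.9.3 with a plain POSIX component-wise version comparison (no `sort -V`). It assumes the phpinfo line has the form `Multibyte regex (oniguruma) version => X.Y.Z`, as PHP 7.x prints it; the sample phpinfo text embedded in it is constructed for the example.

```shell
#!/bin/sh
# Added example (not code from the Adélie bug report, PHP or Oniguruma):
# report whether a PHP build's mbstring links an Oniguruma older than 6.9.3,
# the first release carrying the onig_new_deluxe() use-after-free fix.
# Assumption: `php -i` prints the line
#   Multibyte regex (oniguruma) version => X.Y.Z
# in its mbstring section (PHP 7.x builds with mbstring regex support do).

FIXED_ONIG="6.9.3"

# version_ge A B: succeed (exit 0) when dotted version A >= B, comparing
# each numeric component in turn; missing trailing components count as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Read `php -i` output on stdin and print the Oniguruma version it reports
# (prints nothing if the line is absent, e.g. mbstring built without regex).
onig_version_from_phpinfo() {
    sed -n 's/^Multibyte regex (oniguruma) version => *//p' | head -n 1
}

# check_onig VERSION: print a verdict and return 0 (fix present by version),
# 1 (below the fixed version) or 2 (no version found).
check_onig() {
    if [ -z "$1" ]; then
        echo "no Oniguruma version reported (mbstring regex support missing?)"
        return 2
    fi
    if version_ge "$1" "$FIXED_ONIG"; then
        echo "oniguruma $1: at or above $FIXED_ONIG, CVE-2019-13224 fix present"
        return 0
    fi
    echo "oniguruma $1: below $FIXED_ONIG, affected unless the fix was backported"
    return 1
}

# Constructed sample of the relevant `php -i` lines, standing in for a
# PHP 7.2 build bundling Oniguruma 6.9.2 (not captured from a real system).
SAMPLE_PHPINFO='mbstring
Multibyte Support => enabled
Multibyte string engine => libmbfl
Multibyte (japanese) regex support => enabled
Multibyte regex (oniguruma) version => 6.9.2'

check_onig "$(printf '%s\n' "$SAMPLE_PHPINFO" | onig_version_from_phpinfo)"

# Same check against a real interpreter, when one is on PATH.
if command -v php >/dev/null 2>&1; then
    check_onig "$(php -i 2>/dev/null | onig_version_from_phpinfo)"
fi
```

A result of "below 6.9.3" is a prompt to look further, not a verdict: a php7 7.2 package that applied the php-src commit linked above to its bundled copy still reports 6.9.2, and a PHP linked against the system libonig reports that library's version, so the package changelog or the presence of the fix in the built source is what settles it. A result of "at or above 6.9.3" does establish that the library code predating the fix is not what was built.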