vulnerability
Oracle Linux: CVE-2019-19203: ELSA-2020-3662: php:7.3 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Nov 6, 2019 | Sep 10, 2020 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Nov 6, 2019
Added
Sep 10, 2020
Modified
Dec 3, 2025
Description
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
An out-of-bounds read vulnerability was found in the way Oniguruma handled regular expressions with GB18030 character encoding. A UChar pointer is dereferenced without checking if it passed the end of the matched string, leading to a heap-based buffer over-read. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, might crash the application causing a denial of service.
An out-of-bounds read vulnerability was found in the way Oniguruma handled regular expressions with GB18030 character encoding. A UChar pointer is dereferenced without checking if it passed the end of the matched string, leading to a heap-based buffer over-read. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, might crash the application causing a denial of service.
Solutions
oracle-linux-upgrade-apcu-paneloracle-linux-upgrade-libziporacle-linux-upgrade-libzip-develoracle-linux-upgrade-libzip-toolsoracle-linux-upgrade-onigurumaoracle-linux-upgrade-oniguruma-develoracle-linux-upgrade-phporacle-linux-upgrade-php-bcmathoracle-linux-upgrade-php-clioracle-linux-upgrade-php-commonoracle-linux-upgrade-php-dbaoracle-linux-upgrade-php-dbgoracle-linux-upgrade-php-develoracle-linux-upgrade-php-embeddedoracle-linux-upgrade-php-enchantoracle-linux-upgrade-php-fpmoracle-linux-upgrade-php-gdoracle-linux-upgrade-php-gmporacle-linux-upgrade-php-intloracle-linux-upgrade-php-jsonoracle-linux-upgrade-php-ldaporacle-linux-upgrade-php-mbstringoracle-linux-upgrade-php-mysqlndoracle-linux-upgrade-php-odbcoracle-linux-upgrade-php-opcacheoracle-linux-upgrade-php-pdooracle-linux-upgrade-php-pearoracle-linux-upgrade-php-pecl-apcuoracle-linux-upgrade-php-pecl-apcu-develoracle-linux-upgrade-php-pecl-rrdoracle-linux-upgrade-php-pecl-xdebugoracle-linux-upgrade-php-pecl-ziporacle-linux-upgrade-php-pgsqloracle-linux-upgrade-php-processoracle-linux-upgrade-php-recodeoracle-linux-upgrade-php-snmporacle-linux-upgrade-php-soaporacle-linux-upgrade-php-xmloracle-linux-upgrade-php-xmlrpc
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.