Oniguruma is a regular expressions library that supports a variety of character encodings.
Security Fix(es):
- oniguruma: Use-after-free in onignewdeluxe() in regext.c (CVE-2019-13224)
- oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
- oniguruma: integer overflow in searchinrange function in regexec.c leads to out-of-bounds read (CVE-2019-19012)
- oniguruma: Heap-based buffer over-read in function gb18030mbcenc_len in file gb18030.c (CVE-2019-19203)
- oniguruma: Heap-based buffer over-read in function fetchintervalquantifier in regparse.c (CVE-2019-19204)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.