UBUNTU-CVE-2019-13224

Source
https://ubuntu.com/security/CVE-2019-13224
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-13224.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-13224
Published
2019-07-10T00:00:00Z
Modified
2025-07-18T16:45:11Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ubuntu - medium
Summary
[none]
Details

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

Affected packages

Ubuntu:Pro:14.04:LTS / libonig

Package

Name
libonig
Purl
pkg:deb/ubuntu/libonig@5.9.1-1ubuntu1.1+esm1?arch=source&distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.9.1-1ubuntu1.1+esm1

Affected versions

5.*

5.9.1-1
5.9.1-1ubuntu1
5.9.1-1ubuntu1.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libonig-dev",
            "binary_version": "5.9.1-1ubuntu1.1+esm1"
        },
        {
            "binary_name": "libonig-dev-dbgsym",
            "binary_version": "5.9.1-1ubuntu1.1+esm1"
        },
        {
            "binary_name": "libonig2",
            "binary_version": "5.9.1-1ubuntu1.1+esm1"
        },
        {
            "binary_name": "libonig2-dbg",
            "binary_version": "5.9.1-1ubuntu1.1+esm1"
        },
        {
            "binary_name": "libonig2-dbgsym",
            "binary_version": "5.9.1-1ubuntu1.1+esm1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / groonga

Package

Name
groonga
Purl
pkg:deb/ubuntu/groonga@6.0.1-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

4.*

4.0.6.1-2ubuntu2
4.0.6.1-2ubuntu3

5.*

5.1.1-1ubuntu2
5.1.2-1ubuntu1

6.*

6.0.0-1ubuntu2
6.0.1-1ubuntu1

Ubuntu:Pro:16.04:LTS / libevhtp

Package

Name
libevhtp
Purl
pkg:deb/ubuntu/libevhtp@1.2.11-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.2.10-3
1.2.11-1

Ubuntu:Pro:16.04:LTS / libonig

Package

Name
libonig
Purl
pkg:deb/ubuntu/libonig@5.9.6-1ubuntu0.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.9.6-1ubuntu0.1+esm1

Affected versions

5.*

5.9.6-1
5.9.6-1ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libonig-dev",
            "binary_version": "5.9.6-1ubuntu0.1+esm1"
        },
        {
            "binary_name": "libonig-dev-dbgsym",
            "binary_version": "5.9.6-1ubuntu0.1+esm1"
        },
        {
            "binary_name": "libonig2",
            "binary_version": "5.9.6-1ubuntu0.1+esm1"
        },
        {
            "binary_name": "libonig2-dbg",
            "binary_version": "5.9.6-1ubuntu0.1+esm1"
        },
        {
            "binary_name": "libonig2-dbgsym",
            "binary_version": "5.9.6-1ubuntu0.1+esm1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / mudlet

Package

Name
mudlet
Purl
pkg:deb/ubuntu/mudlet@1:2.1-2build2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:2.*

1:2.1-2build1
1:2.1-2build2

Ubuntu:Pro:18.04:LTS / groonga

Package

Name
groonga
Purl
pkg:deb/ubuntu/groonga@8.0.0-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

7.*

7.0.6-1
7.0.8-1
7.0.9-1
7.1.0-1
7.1.1-1
7.1.1-1build1

8.*

8.0.0-1

Ubuntu:Pro:18.04:LTS / libonig

Package

Name
libonig
Purl
pkg:deb/ubuntu/libonig@6.7.0-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.7.0-1ubuntu0.1~esm1

Affected versions

6.*

6.5.0-1
6.6.1-1
6.7.0-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libonig-dev",
            "binary_version": "6.7.0-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libonig4",
            "binary_version": "6.7.0-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libonig4-dbgsym",
            "binary_version": "6.7.0-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / mudlet

Package

Name
mudlet
Purl
pkg:deb/ubuntu/mudlet@1:3.7.1-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:3.*

1:3.2.0-1build1
1:3.5.0-1
1:3.7.1-1

Ubuntu:20.04:LTS / libonig

Package

Name
libonig
Purl
pkg:deb/ubuntu/libonig@6.9.2-1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.9.2-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libonig-dev",
            "binary_version": "6.9.2-1"
        },
        {
            "binary_name": "libonig5",
            "binary_version": "6.9.2-1"
        },
        {
            "binary_name": "libonig5-dbgsym",
            "binary_version": "6.9.2-1"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / groonga

Package

Name
groonga
Purl
pkg:deb/ubuntu/groonga@9.1.2-1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

9.*

9.0.7-1
9.0.7-1build1
9.0.8-1
9.0.9-1
9.1.0-1
9.1.1-1
9.1.2-1

Ubuntu:Pro:20.04:LTS / mudlet

Package

Name
mudlet
Purl
pkg:deb/ubuntu/mudlet@1:3.7.1-1.1build1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:3.*

1:3.7.1-1.1
1:3.7.1-1.1build1

Ubuntu:22.04:LTS / groonga

Package

Name
groonga
Purl
pkg:deb/ubuntu/groonga@12.0.0-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

11.*

11.0.0-2
11.0.7-1
11.0.9-1
11.0.9-1build1
11.1.0-1
11.1.1-1

12.*

12.0.0-1

Ubuntu:24.04:LTS / groonga

Package

Name
groonga
Purl
pkg:deb/ubuntu/groonga@13.1.1+dfsg-1.1build2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

13.*

13.0.1+dfsg-1
13.0.8+dfsg-1
13.0.9+dfsg-1
13.1.1+dfsg-1
13.1.1+dfsg-1.1
13.1.1+dfsg-1.1build2

Ubuntu:25.04 / groonga

Package

Name
groonga
Purl
pkg:deb/ubuntu/groonga@14.1.0+dfsg-3?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

14.*

14.0.5+dfsg-2
14.0.5+dfsg-3
14.1.0+dfsg-1
14.1.0+dfsg-2
14.1.0+dfsg-3