CVE-2019-19012 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-19012 Interim 1 40 2025-11-05T02:54:42Z current 2021-05-30T14:33:08Z 2025-11-05T02:54:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-19012 An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-May/001145.html E-Mail link for RHSA-2025:7539 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Linux Enterprise Server 16.0 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 openSUSE Tumbleweed libonig5-6.9.7.1-1.2 libonig5-6.9.8-160000.2.2 libonig5-6.9.8-2.8 libonig5-6.9.8-slfo.1.1_1.2 oniguruma-6.8.2-2.1.el8_9 oniguruma-devel-6.8.2-2.1.el8_9 oniguruma-devel-6.9.7.1-1.2 oniguruma-devel-6.9.8-160000.2.2 ruby-2.5.9-114.module+el8.10.0+23088+750dc6ca ruby-devel-2.5.9-114.module+el8.10.0+23088+750dc6ca ruby-doc-2.5.9-114.module+el8.10.0+23088+750dc6ca ruby-irb-2.5.9-114.module+el8.10.0+23088+750dc6ca ruby-libs-2.5.9-114.module+el8.10.0+23088+750dc6ca rubygem-abrt-0.3.0-4.module+el8.10.0+22021+135c76a8 rubygem-abrt-doc-0.3.0-4.module+el8.10.0+22021+135c76a8 rubygem-bigdecimal-1.3.4-114.module+el8.10.0+23088+750dc6ca rubygem-bson-4.3.0-2.module+el8.9.0+19193+435404ae rubygem-bson-doc-4.3.0-2.module+el8.9.0+19193+435404ae rubygem-bundler-1.16.1-5.module+el8.10.0+23088+750dc6ca rubygem-bundler-doc-1.16.1-5.module+el8.10.0+23088+750dc6ca rubygem-did_you_mean-1.2.0-114.module+el8.10.0+23088+750dc6ca rubygem-io-console-0.4.6-114.module+el8.10.0+23088+750dc6ca rubygem-json-2.1.0-114.module+el8.10.0+23088+750dc6ca rubygem-minitest-5.10.3-114.module+el8.10.0+23088+750dc6ca rubygem-mongo-2.5.1-2.module+el8.9.0+19193+435404ae rubygem-mongo-doc-2.5.1-2.module+el8.9.0+19193+435404ae rubygem-mysql2-0.4.10-4.module+el8.9.0+19193+435404ae rubygem-mysql2-doc-0.4.10-4.module+el8.9.0+19193+435404ae rubygem-net-telnet-0.1.1-114.module+el8.10.0+23088+750dc6ca rubygem-openssl-2.1.2-114.module+el8.10.0+23088+750dc6ca rubygem-pg-1.0.0-3.module+el8.9.0+19193+435404ae rubygem-pg-doc-1.0.0-3.module+el8.9.0+19193+435404ae rubygem-power_assert-1.1.1-114.module+el8.10.0+23088+750dc6ca rubygem-psych-3.0.2-114.module+el8.10.0+23088+750dc6ca rubygem-rake-12.3.3-114.module+el8.10.0+23088+750dc6ca rubygem-rdoc-6.0.1.1-114.module+el8.10.0+23088+750dc6ca rubygem-test-unit-3.2.7-114.module+el8.10.0+23088+750dc6ca rubygem-xmlrpc-0.3.0-114.module+el8.10.0+23088+750dc6ca rubygems-2.7.6.3-114.module+el8.10.0+23088+750dc6ca rubygems-devel-2.7.6.3-114.module+el8.10.0+23088+750dc6ca oniguruma-6.8.2-2.1.el8_9 as a component of SUSE Liberty Linux 8 oniguruma-devel-6.8.2-2.1.el8_9 as a component of SUSE Liberty Linux 8 ruby-2.5.9-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 ruby-devel-2.5.9-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 ruby-doc-2.5.9-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 ruby-irb-2.5.9-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 ruby-libs-2.5.9-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-abrt-0.3.0-4.module+el8.10.0+22021+135c76a8 as a component of SUSE Liberty Linux 8 rubygem-abrt-doc-0.3.0-4.module+el8.10.0+22021+135c76a8 as a component of SUSE Liberty Linux 8 rubygem-bigdecimal-1.3.4-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-bson-4.3.0-2.module+el8.9.0+19193+435404ae as a component of SUSE Liberty Linux 8 rubygem-bson-doc-4.3.0-2.module+el8.9.0+19193+435404ae as a component of SUSE Liberty Linux 8 rubygem-bundler-1.16.1-5.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-bundler-doc-1.16.1-5.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-did_you_mean-1.2.0-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-io-console-0.4.6-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-json-2.1.0-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-minitest-5.10.3-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-mongo-2.5.1-2.module+el8.9.0+19193+435404ae as a component of SUSE Liberty Linux 8 rubygem-mongo-doc-2.5.1-2.module+el8.9.0+19193+435404ae as a component of SUSE Liberty Linux 8 rubygem-mysql2-0.4.10-4.module+el8.9.0+19193+435404ae as a component of SUSE Liberty Linux 8 rubygem-mysql2-doc-0.4.10-4.module+el8.9.0+19193+435404ae as a component of SUSE Liberty Linux 8 rubygem-net-telnet-0.1.1-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-openssl-2.1.2-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-pg-1.0.0-3.module+el8.9.0+19193+435404ae as a component of SUSE Liberty Linux 8 rubygem-pg-doc-1.0.0-3.module+el8.9.0+19193+435404ae as a component of SUSE Liberty Linux 8 rubygem-power_assert-1.1.1-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-psych-3.0.2-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-rake-12.3.3-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-rdoc-6.0.1.1-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-test-unit-3.2.7-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygem-xmlrpc-0.3.0-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygems-2.7.6.3-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 rubygems-devel-2.7.6.3-114.module+el8.10.0+23088+750dc6ca as a component of SUSE Liberty Linux 8 libonig5-6.9.8-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 oniguruma-devel-6.9.8-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 libonig5-6.9.8-2.8 as a component of SUSE Linux Micro 6.0 libonig5-6.9.8-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 libonig5-6.9.7.1-1.2 as a component of openSUSE Tumbleweed oniguruma-devel-6.9.7.1-1.2 as a component of openSUSE Tumbleweed An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. CVE-2019-19012 SUSE Liberty Linux 8:oniguruma-6.8.2-2.1.el8_9 SUSE Liberty Linux 8:oniguruma-devel-6.8.2-2.1.el8_9 SUSE Liberty Linux 8:ruby-2.5.9-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:ruby-devel-2.5.9-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:ruby-doc-2.5.9-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:ruby-irb-2.5.9-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:ruby-libs-2.5.9-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-abrt-0.3.0-4.module+el8.10.0+22021+135c76a8 SUSE Liberty Linux 8:rubygem-abrt-doc-0.3.0-4.module+el8.10.0+22021+135c76a8 SUSE Liberty Linux 8:rubygem-bigdecimal-1.3.4-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-bson-4.3.0-2.module+el8.9.0+19193+435404ae SUSE Liberty Linux 8:rubygem-bson-doc-4.3.0-2.module+el8.9.0+19193+435404ae SUSE Liberty Linux 8:rubygem-bundler-1.16.1-5.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-bundler-doc-1.16.1-5.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-did_you_mean-1.2.0-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-io-console-0.4.6-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-json-2.1.0-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-minitest-5.10.3-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-mongo-2.5.1-2.module+el8.9.0+19193+435404ae SUSE Liberty Linux 8:rubygem-mongo-doc-2.5.1-2.module+el8.9.0+19193+435404ae SUSE Liberty Linux 8:rubygem-mysql2-0.4.10-4.module+el8.9.0+19193+435404ae SUSE Liberty Linux 8:rubygem-mysql2-doc-0.4.10-4.module+el8.9.0+19193+435404ae SUSE Liberty Linux 8:rubygem-net-telnet-0.1.1-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-openssl-2.1.2-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-pg-1.0.0-3.module+el8.9.0+19193+435404ae SUSE Liberty Linux 8:rubygem-pg-doc-1.0.0-3.module+el8.9.0+19193+435404ae SUSE Liberty Linux 8:rubygem-power_assert-1.1.1-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-psych-3.0.2-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-rake-12.3.3-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-rdoc-6.0.1.1-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-test-unit-3.2.7-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygem-xmlrpc-0.3.0-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygems-2.7.6.3-114.module+el8.10.0+23088+750dc6ca SUSE Liberty Linux 8:rubygems-devel-2.7.6.3-114.module+el8.10.0+23088+750dc6ca SUSE Linux Enterprise Server 16.0:libonig5-6.9.8-160000.2.2 SUSE Linux Enterprise Server 16.0:oniguruma-devel-6.9.8-160000.2.2 SUSE Linux Micro 6.0:libonig5-6.9.8-2.8 SUSE Linux Micro 6.1:libonig5-6.9.8-slfo.1.1_1.2 openSUSE Tumbleweed:libonig5-6.9.7.1-1.2 openSUSE Tumbleweed:oniguruma-devel-6.9.7.1-1.2 moderate