{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-09T15:38:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/k-takata/Onigmo/issues/132"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/k-takata/Onigmo/commit/9827d5a0298ee766f6041db9c0080166ff6cdce8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16161", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/k-takata/Onigmo/issues/132", "refsource": "MISC", "url": "https://github.com/k-takata/Onigmo/issues/132"}, {"name": "https://github.com/k-takata/Onigmo/commit/9827d5a0298ee766f6041db9c0080166ff6cdce8", "refsource": "MISC", "url": "https://github.com/k-takata/Onigmo/commit/9827d5a0298ee766f6041db9c0080166ff6cdce8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:10:41.296Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/k-takata/Onigmo/issues/132"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/k-takata/Onigmo/commit/9827d5a0298ee766f6041db9c0080166ff6cdce8"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16161", "datePublished": "2019-09-09T15:38:30", "dateReserved": "2019-09-09T00:00:00", "dateUpdated": "2024-08-05T01:10:41.296Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:k-takata:onigmo:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3216461-E3C7-4842-B905-AF978F7B71BB", "versionEndIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c."}, {"lang": "es", "value": "Onigmo versiones hasta 6.2.0, presenta una desreferencia del puntero NULL en la funci\u00f3n onig_error_code_to_str debido a fetch_token en el archivo regparse.c."}], "id": "CVE-2019-16161", "lastModified": "2024-11-21T04:30:10.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-09T17:15:13.173", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/k-takata/Onigmo/commit/9827d5a0298ee766f6041db9c0080166ff6cdce8"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/k-takata/Onigmo/issues/132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/k-takata/Onigmo/commit/9827d5a0298ee766f6041db9c0080166ff6cdce8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/k-takata/Onigmo/issues/132"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "onigmo: NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c", "id": "1769042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769042"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.", "A NULL pointer dereference vulnerability was found in Onigmo in the way it handled certain types of \"subexp\" regular expressions. A remote attacker could exploit this flaw by providing a malformed regular expression that when processed by an application linked to Onigmo, would crash the application, causing a denial of service."], "name": "CVE-2019-16161", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "oniguruma", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "oniguruma", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:7.2/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:7.3/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "ruby:2.5/ruby", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "ruby:2.6/ruby", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "oniguruma", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-php72-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-php73-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Fix deferred", "package_name": "rh-ruby24-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Fix deferred", "package_name": "rh-ruby25-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Fix deferred", "package_name": "rh-ruby26-ruby", "product_name": "Red Hat Software Collections"}], "public_date": "2019-07-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-16161\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16161"], "statement": "This flaw does not affect the versions of oniguruma (embedded in php:7.2/php) as shipped with Red Hat Enterprise Linux 8 as they do not include the vulnerable code, which was introduced in a newer version of the package. The same is true for the versions of oniguruma as shipped with Red Hat Enterprise Linux 6, the versions of oniguruma (embedded in php and php53) as shipped with Red Hat Enterprise Linux 5, 6, and 7, and the versions of oniguruma (embedded in rh-php72-php) as shipped with Red Hat Software Collections 3.\nThis flaw does not affect the versions of oniguruma as shipped with Red Hat Enterprise Linux 8 as they already include the patch. The same is true for the versions of oniguruma (embedded in php:7.3/php) as shipped with Red Hat Enterprise Linux 8 and the versions of oniguruma (embedded in rh-php73-php) as shipped with Red Hat Software Collections 3.", "threat_severity": "Low"}