漏洞信息详情
Oniguruma 资源管理错误漏洞
- CNNVD编号:CNNVD-201907-561 <!--
- 危害等级: 超危-->
- 危害等级: 超危
- CVE编号: CVE-2019-13224
- 漏洞类型: 资源管理错误
- 发布时间: 2019-07-10
- 威胁类型: 远程
- 更新时间: 2021-02-01
- 厂 商:
- 漏洞来源: Ubuntu,Red Hat,Gen...
-
漏洞简介
Oniguruma是一款开源的正则表达式库。
Oniguruma 6.9.2版本中的regext.c文件的‘onig_new_deluxe()’函数存在资源管理错误漏洞。该漏洞源于网络系统或产品对系统资源(如内存、磁盘空间、文件等)的管理不当。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
参考网址
来源:github.com
链接:https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
来源:usn.ubuntu.com
链接:https://usn.ubuntu.com/4088-1/
来源:lists.debian.org
链接:https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-13224
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3899/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3072/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159094/Red-Hat-Security-Advisory-2020-3662-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153971/Ubuntu-Security-Notice-USN-4088-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3899.2/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155207/Gentoo-Linux-Security-Advisory-201911-03.html
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/libonig-use-after-free-via-onig-new-deluxe-29806
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2664/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.3033/
受影响实体
暂无
补丁
暂无
还没有评论,来说两句吧...