Candidate: CVE-2019-13225
PublicDate: 2019-07-10 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13225
 https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
Description:
 A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2
 allows attackers to potentially cause denial of service by providing a
 crafted regular expression. Oniguruma issues often affect Ruby, as well as
 common optional libraries for PHP and Rust.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_libonig:
upstream_libonig: released (6.9.2-1)
precise/esm_libonig: DNE
trusty_libonig: ignored (out of standard support)
trusty/esm_libonig: not-affected (code not present)
xenial_libonig: not-affected (code not present)
bionic_libonig: not-affected (code not present)
cosmic_libonig: not-affected (code not present)
disco_libonig: ignored (reached end-of-life)
eoan_libonig: released (6.9.2-1)
devel_libonig: released (6.9.2-1)