Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p5gj-xqc9-yqar

Summary oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c

Aliases

alias	CVE-2019-16163

Fixed_packages

url	pkg:deb/debian/libonig@6.9.4-1?distro=trixie
purl	pkg:deb/debian/libonig@6.9.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@6.9.4-1%3Fdistro=trixie

url	pkg:deb/debian/libonig@6.9.6-1.1?distro=trixie
purl	pkg:deb/debian/libonig@6.9.6-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@6.9.6-1.1%3Fdistro=trixie

url	pkg:deb/debian/libonig@6.9.6-1.1
purl	pkg:deb/debian/libonig@6.9.6-1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@6.9.6-1.1

url	pkg:deb/debian/libonig@6.9.8-1?distro=trixie
purl	pkg:deb/debian/libonig@6.9.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@6.9.8-1%3Fdistro=trixie

url	pkg:deb/debian/libonig@6.9.9-1?distro=trixie
purl	pkg:deb/debian/libonig@6.9.9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@6.9.9-1%3Fdistro=trixie

url	pkg:deb/debian/libonig@6.9.10-1?distro=trixie
purl	pkg:deb/debian/libonig@6.9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@6.9.10-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/libonig@5.2.0-1

purl pkg:deb/debian/libonig@5.2.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vz6-251d-1ye7

vulnerability	VCID-73xb-21qk-gub3

vulnerability	VCID-7tdw-4nwm-gqe8

vulnerability	VCID-apf9-z7zs-jyh7

vulnerability	VCID-b5af-c9yc-rke7

vulnerability	VCID-ge97-dnra-uygw

vulnerability	VCID-gf19-ebyv-u3b5

vulnerability	VCID-j961-etd4-jfdy

vulnerability	VCID-jurp-5mrx-13ce

vulnerability	VCID-khf6-r7w8-c7bm

vulnerability	VCID-p5gj-xqc9-yqar

vulnerability	VCID-s75c-hjr2-uubw

vulnerability	VCID-xzt6-6k5g-byap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@5.2.0-1

url pkg:deb/debian/libonig@5.9.1-1

purl pkg:deb/debian/libonig@5.9.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vz6-251d-1ye7

vulnerability	VCID-73xb-21qk-gub3

vulnerability	VCID-7tdw-4nwm-gqe8

vulnerability	VCID-apf9-z7zs-jyh7

vulnerability	VCID-b5af-c9yc-rke7

vulnerability	VCID-ge97-dnra-uygw

vulnerability	VCID-gf19-ebyv-u3b5

vulnerability	VCID-j961-etd4-jfdy

vulnerability	VCID-jurp-5mrx-13ce

vulnerability	VCID-khf6-r7w8-c7bm

vulnerability	VCID-p5gj-xqc9-yqar

vulnerability	VCID-s75c-hjr2-uubw

vulnerability	VCID-xzt6-6k5g-byap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@5.9.1-1

url pkg:deb/debian/libonig@5.9.5-3.2

purl pkg:deb/debian/libonig@5.9.5-3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vz6-251d-1ye7

vulnerability	VCID-73xb-21qk-gub3

vulnerability	VCID-7tdw-4nwm-gqe8

vulnerability	VCID-apf9-z7zs-jyh7

vulnerability	VCID-b5af-c9yc-rke7

vulnerability	VCID-ge97-dnra-uygw

vulnerability	VCID-gf19-ebyv-u3b5

vulnerability	VCID-j961-etd4-jfdy

vulnerability	VCID-jurp-5mrx-13ce

vulnerability	VCID-khf6-r7w8-c7bm

vulnerability	VCID-p5gj-xqc9-yqar

vulnerability	VCID-s75c-hjr2-uubw

vulnerability	VCID-xzt6-6k5g-byap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@5.9.5-3.2

url pkg:deb/debian/libonig@5.9.5-3.2%2Bdeb8u1

purl pkg:deb/debian/libonig@5.9.5-3.2%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vz6-251d-1ye7

vulnerability	VCID-73xb-21qk-gub3

vulnerability	VCID-7tdw-4nwm-gqe8

vulnerability	VCID-apf9-z7zs-jyh7

vulnerability	VCID-b5af-c9yc-rke7

vulnerability	VCID-ge97-dnra-uygw

vulnerability	VCID-gf19-ebyv-u3b5

vulnerability	VCID-j961-etd4-jfdy

vulnerability	VCID-jurp-5mrx-13ce

vulnerability	VCID-khf6-r7w8-c7bm

vulnerability	VCID-p5gj-xqc9-yqar

vulnerability	VCID-s75c-hjr2-uubw

vulnerability	VCID-xzt6-6k5g-byap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@5.9.5-3.2%252Bdeb8u1

url pkg:deb/debian/libonig@6.1.3-2

purl pkg:deb/debian/libonig@6.1.3-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vz6-251d-1ye7

vulnerability	VCID-73xb-21qk-gub3

vulnerability	VCID-j961-etd4-jfdy

vulnerability	VCID-jurp-5mrx-13ce

vulnerability	VCID-khf6-r7w8-c7bm

vulnerability	VCID-p5gj-xqc9-yqar

vulnerability	VCID-xzt6-6k5g-byap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@6.1.3-2

url pkg:deb/debian/libonig@6.9.1-1

purl pkg:deb/debian/libonig@6.9.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vz6-251d-1ye7

vulnerability	VCID-73xb-21qk-gub3

vulnerability	VCID-j961-etd4-jfdy

vulnerability	VCID-jurp-5mrx-13ce

vulnerability	VCID-khf6-r7w8-c7bm

vulnerability	VCID-p5gj-xqc9-yqar

vulnerability	VCID-xzt6-6k5g-byap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libonig@6.9.1-1

url pkg:rpm/redhat/oniguruma@6.8.2-2.1?arch=el8_9

purl pkg:rpm/redhat/oniguruma@6.8.2-2.1?arch=el8_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j961-etd4-jfdy

vulnerability	VCID-jurp-5mrx-13ce

vulnerability	VCID-khf6-r7w8-c7bm

vulnerability	VCID-p5gj-xqc9-yqar

vulnerability	VCID-xzt6-6k5g-byap

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/oniguruma@6.8.2-2.1%3Farch=el8_9

url pkg:rpm/redhat/oniguruma@6.8.2-2.1?arch=el8_6

purl pkg:rpm/redhat/oniguruma@6.8.2-2.1?arch=el8_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j961-etd4-jfdy

vulnerability	VCID-jurp-5mrx-13ce

vulnerability	VCID-khf6-r7w8-c7bm

vulnerability	VCID-p5gj-xqc9-yqar

vulnerability	VCID-xzt6-6k5g-byap

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/oniguruma@6.8.2-2.1%3Farch=el8_6

url pkg:rpm/redhat/oniguruma@6.8.2-2.1?arch=el8_8

purl pkg:rpm/redhat/oniguruma@6.8.2-2.1?arch=el8_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j961-etd4-jfdy

vulnerability	VCID-jurp-5mrx-13ce

vulnerability	VCID-khf6-r7w8-c7bm

vulnerability	VCID-p5gj-xqc9-yqar

vulnerability	VCID-xzt6-6k5g-byap

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/oniguruma@6.8.2-2.1%3Farch=el8_8

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16163.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16163.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16163

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24648
published_at	2026-04-01T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24486
published_at	2026-05-14T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24455
published_at	2026-05-09T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24388
published_at	2026-05-11T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24406
published_at	2026-05-12T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24724
published_at	2026-04-02T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24763
published_at	2026-04-04T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24536
published_at	2026-04-07T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24607
published_at	2026-04-08T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24655
published_at	2026-04-09T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24671
published_at	2026-04-11T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2463
published_at	2026-04-12T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24573
published_at	2026-04-13T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24586
published_at	2026-04-16T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24576
published_at	2026-04-18T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24552
published_at	2026-04-21T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24496
published_at	2026-04-24T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24483
published_at	2026-04-26T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24442
published_at	2026-04-29T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24314
published_at	2026-05-05T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24392
published_at	2026-05-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16163

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16163
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16163

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180
reference_id
reference_type
scores
url	https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180

reference_url	https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3
reference_id
reference_type
scores
url	https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3

reference_url	https://github.com/kkos/oniguruma/issues/147
reference_id
reference_type
scores
url	https://github.com/kkos/oniguruma/issues/147

reference_url	https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1768997
reference_id	1768997
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1768997

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939988
reference_id	939988
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939988

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oniguruma_project:oniguruma::::::::
reference_id	cpe:2.3:a:oniguruma_project:oniguruma::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oniguruma_project:oniguruma::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16163

reference_id

CVE-2019-16163

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16163

reference_url	https://access.redhat.com/errata/RHSA-2020:3662
reference_id	RHSA-2020:3662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3662

reference_url	https://access.redhat.com/errata/RHSA-2024:0409
reference_id	RHSA-2024:0409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0409

reference_url	https://access.redhat.com/errata/RHSA-2024:0572
reference_id	RHSA-2024:0572
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0572

reference_url	https://access.redhat.com/errata/RHSA-2024:0889
reference_id	RHSA-2024:0889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0889

reference_url	https://usn.ubuntu.com/4460-1/
reference_id	USN-4460-1
reference_type
scores
url	https://usn.ubuntu.com/4460-1/

reference_url	https://usn.ubuntu.com/USN-5662-1/
reference_id	USN-USN-5662-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5662-1/

Weaknesses

cwe_id	674
name	Uncontrolled Recursion
description	The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

cwe_id	121
name	Stack-based Buffer Overflow
description	A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Exploits

Severity_range_score 3.3 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5gj-xqc9-yqar

Vulnerability Instance