Search for packages
| purl | pkg:deb/debian/libonig@6.9.6-1.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1y4w-7sqk-aaad | A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. |
CVE-2019-13225
|
| VCID-761z-8m2h-aaaq | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. |
CVE-2019-13224
|
| VCID-f16c-amc9-aaae | An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. |
CVE-2019-19012
|
| VCID-gvfv-rq6n-aaaq | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. |
CVE-2019-19204
|
| VCID-mpjk-r7xj-aaaq | Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. |
CVE-2019-19246
|
| VCID-tdpv-tbk4-aaag | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. |
CVE-2019-19203
|
| VCID-xe76-b24z-aaab | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. |
CVE-2019-16163
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T16:25:51.624064+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | None | 36.1.3 |
| 2025-06-22T10:52:57.172260+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | None | 36.1.3 |
| 2025-06-21T19:55:34.326381+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T13:38:21.681185+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | None | 36.1.3 |
| 2025-06-21T10:19:57.660875+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T08:36:02.837620+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | None | 36.1.3 |
| 2025-06-21T06:13:12.652038+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T05:54:23.264433+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | None | 36.1.3 |
| 2025-06-21T05:30:56.604539+00:00 | Debian Oval Importer | Fixing | VCID-tdpv-tbk4-aaag | None | 36.1.3 |
| 2025-06-21T05:23:17.198622+00:00 | Debian Oval Importer | Fixing | VCID-761z-8m2h-aaaq | None | 36.1.3 |
| 2025-06-21T05:07:35.154095+00:00 | Debian Oval Importer | Fixing | VCID-xe76-b24z-aaab | None | 36.1.3 |
| 2025-06-21T04:30:32.592649+00:00 | Debian Oval Importer | Fixing | VCID-1y4w-7sqk-aaad | None | 36.1.3 |
| 2025-06-21T04:29:17.943208+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T02:21:06.487718+00:00 | Debian Oval Importer | Fixing | VCID-f16c-amc9-aaae | None | 36.1.3 |
| 2025-06-21T02:12:58.178167+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | None | 36.1.3 |
| 2025-06-21T02:11:15.432878+00:00 | Debian Oval Importer | Fixing | VCID-mpjk-r7xj-aaaq | None | 36.1.3 |
| 2025-06-21T02:10:01.891048+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | None | 36.1.3 |
| 2025-06-21T01:38:27.375577+00:00 | Debian Oval Importer | Fixing | VCID-gvfv-rq6n-aaaq | None | 36.1.3 |
| 2025-06-20T21:19:05.782929+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-08T13:12:05.328036+00:00 | Debian Oval Importer | Fixing | VCID-f16c-amc9-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T13:00:14.844404+00:00 | Debian Oval Importer | Fixing | VCID-gvfv-rq6n-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:11:30.680305+00:00 | Debian Oval Importer | Fixing | VCID-xe76-b24z-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-07T23:08:49.055937+00:00 | Debian Oval Importer | Fixing | VCID-tdpv-tbk4-aaag | None | 36.1.0 |
| 2025-06-07T23:01:01.063183+00:00 | Debian Oval Importer | Fixing | VCID-761z-8m2h-aaaq | None | 36.1.0 |
| 2025-06-07T22:45:02.793761+00:00 | Debian Oval Importer | Fixing | VCID-xe76-b24z-aaab | None | 36.1.0 |
| 2025-06-07T22:06:56.988944+00:00 | Debian Oval Importer | Fixing | VCID-1y4w-7sqk-aaad | None | 36.1.0 |
| 2025-06-07T19:44:55.891003+00:00 | Debian Oval Importer | Fixing | VCID-f16c-amc9-aaae | None | 36.1.0 |
| 2025-06-07T19:35:00.947173+00:00 | Debian Oval Importer | Fixing | VCID-mpjk-r7xj-aaaq | None | 36.1.0 |
| 2025-06-07T19:01:32.162042+00:00 | Debian Oval Importer | Fixing | VCID-gvfv-rq6n-aaaq | None | 36.1.0 |
| 2025-04-12T22:18:11.315022+00:00 | Debian Oval Importer | Fixing | VCID-mpjk-r7xj-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:26:09.729778+00:00 | Debian Oval Importer | Fixing | VCID-761z-8m2h-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:08:23.677706+00:00 | Debian Oval Importer | Fixing | VCID-tdpv-tbk4-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:27:52.611293+00:00 | Debian Oval Importer | Fixing | VCID-1y4w-7sqk-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:59:51.718860+00:00 | Debian Oval Importer | Fixing | VCID-f16c-amc9-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:47:36.864920+00:00 | Debian Oval Importer | Fixing | VCID-gvfv-rq6n-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:57:11.401997+00:00 | Debian Oval Importer | Fixing | VCID-xe76-b24z-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-07T21:40:51.961883+00:00 | Debian Oval Importer | Fixing | VCID-tdpv-tbk4-aaag | None | 36.0.0 |
| 2025-04-07T21:33:01.928251+00:00 | Debian Oval Importer | Fixing | VCID-761z-8m2h-aaaq | None | 36.0.0 |
| 2025-04-07T21:16:53.952422+00:00 | Debian Oval Importer | Fixing | VCID-xe76-b24z-aaab | None | 36.0.0 |
| 2025-04-07T20:38:16.952637+00:00 | Debian Oval Importer | Fixing | VCID-1y4w-7sqk-aaad | None | 36.0.0 |
| 2025-04-07T18:22:43.865755+00:00 | Debian Oval Importer | Fixing | VCID-f16c-amc9-aaae | None | 36.0.0 |
| 2025-04-07T18:12:43.211390+00:00 | Debian Oval Importer | Fixing | VCID-mpjk-r7xj-aaaq | None | 36.0.0 |
| 2025-04-07T17:39:23.660504+00:00 | Debian Oval Importer | Fixing | VCID-gvfv-rq6n-aaaq | None | 36.0.0 |
| 2025-04-07T07:48:47.119548+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-06T19:43:12.164976+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-06T09:36:15.183530+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | None | 36.0.0 |
| 2025-04-06T04:12:55.853505+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | None | 36.0.0 |
| 2025-04-05T16:06:23.783656+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T10:10:53.719164+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | None | 36.0.0 |
| 2025-04-05T07:35:51.482581+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T05:51:59.331992+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | None | 36.0.0 |
| 2025-04-05T03:28:03.547066+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T03:09:08.513157+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | None | 36.0.0 |
| 2025-04-04T07:18:37.787727+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T04:58:39.670609+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | None | 36.0.0 |
| 2025-04-04T04:55:39.947549+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | None | 36.0.0 |
| 2025-04-03T23:57:16.154504+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-02-19T08:25:31.269624+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T08:25:29.182174+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | None | 35.1.0 |
| 2025-02-19T08:24:01.806807+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T08:23:59.703477+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | None | 35.1.0 |
| 2025-02-19T08:23:56.808471+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | None | 35.1.0 |
| 2025-02-19T08:23:56.035706+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T08:06:30.385438+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T08:06:28.305987+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | None | 35.1.0 |
| 2025-02-19T07:25:02.438150+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | None | 35.1.0 |
| 2025-02-19T07:25:01.725913+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T05:49:56.812532+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | None | 35.1.0 |
| 2025-02-19T05:49:56.143474+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T05:49:54.089921+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T05:49:52.581216+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | None | 35.1.0 |
| 2024-04-24T15:22:54.550924+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T15:22:52.173025+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | None | 34.0.0rc4 |
| 2024-04-24T15:21:14.207589+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T15:21:11.840522+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | None | 34.0.0rc4 |
| 2024-04-24T15:21:06.595185+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | None | 34.0.0rc4 |
| 2024-04-24T15:21:04.904750+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T15:09:49.312122+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T15:09:46.899059+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | None | 34.0.0rc4 |
| 2024-04-24T14:49:01.925265+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | None | 34.0.0rc4 |
| 2024-04-24T14:49:01.160065+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T14:09:38.913949+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | None | 34.0.0rc4 |
| 2024-04-24T14:09:38.061635+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T14:09:35.521945+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T14:09:32.332202+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | None | 34.0.0rc4 |
| 2024-01-10T17:53:02.596798+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T17:53:00.127946+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | None | 34.0.0rc2 |
| 2024-01-10T17:51:50.635802+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T17:51:47.972886+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | None | 34.0.0rc2 |
| 2024-01-10T17:51:43.728380+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | None | 34.0.0rc2 |
| 2024-01-10T17:51:42.540555+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T17:46:20.640603+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T17:46:15.186395+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | None | 34.0.0rc2 |
| 2024-01-10T17:32:00.782893+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | None | 34.0.0rc2 |
| 2024-01-10T17:31:59.932222+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T16:52:58.463014+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | None | 34.0.0rc2 |
| 2024-01-10T16:52:56.855580+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T16:52:52.726143+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T16:52:50.365220+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | None | 34.0.0rc2 |
| 2024-01-04T07:26:49.980857+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T07:26:47.599389+00:00 | Debian Importer | Fixing | VCID-mpjk-r7xj-aaaq | None | 34.0.0rc1 |
| 2024-01-04T07:25:44.024518+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T07:25:41.460426+00:00 | Debian Importer | Fixing | VCID-gvfv-rq6n-aaaq | None | 34.0.0rc1 |
| 2024-01-04T07:25:38.232721+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | None | 34.0.0rc1 |
| 2024-01-04T07:25:37.431866+00:00 | Debian Importer | Fixing | VCID-tdpv-tbk4-aaag | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T07:21:20.240060+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T07:21:17.876755+00:00 | Debian Importer | Fixing | VCID-f16c-amc9-aaae | None | 34.0.0rc1 |
| 2024-01-04T07:08:52.596828+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | None | 34.0.0rc1 |
| 2024-01-04T07:08:51.740609+00:00 | Debian Importer | Fixing | VCID-xe76-b24z-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T06:34:20.849657+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | None | 34.0.0rc1 |
| 2024-01-04T06:34:20.091269+00:00 | Debian Importer | Fixing | VCID-1y4w-7sqk-aaad | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T06:34:17.408066+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T06:34:15.767945+00:00 | Debian Importer | Fixing | VCID-761z-8m2h-aaaq | None | 34.0.0rc1 |