| Bug | stretch | buster | bullseye | sid | Description |
|---|
| CVE-2020-26159 | fixed | vulnerable (no DSA) | vulnerable | vulnerable | In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expressi ... |
| CVE-2019-19246 | fixed | vulnerable (no DSA) | fixed | fixed | Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ... |
| CVE-2019-19204 | fixed | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ... |
| CVE-2019-19203 | fixed | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ... |
| CVE-2019-19012 | fixed | vulnerable (no DSA) | fixed | fixed | An integer overflow in the search_in_range function in regexec.c in On ... |
| CVE-2019-16163 | fixed | vulnerable (no DSA) | fixed | fixed | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of ... |
| CVE-2019-13225 | fixed | vulnerable (no DSA) | fixed | fixed | A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9 ... |
| CVE-2019-13224 | fixed | vulnerable (no DSA) | fixed | fixed | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ... |