WindTerm icon indicating copy to clipboard operation
WindTerm copied to clipboard
verified publisher icon kingToolbox

Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()

Open npt-1707 opened this issue 1 year ago • 1 comments

Description This PR fixes a use-after-free in onig_new_deluxe() in regext.c in Oniguruma which was cloned from kkos/oniguruma@0f7f61e but did not receive the security patch. This PR applies the same patch to handle the vulnerability.

References: https://github.com/kkos/oniguruma/commit/0f7f61e https://nvd.nist.gov/vuln/detail/CVE-2019-13224

npt-1707 avatar Apr 14 '25 20:04 npt-1707

https://github.com/kingToolbox/WindTerm/pull/2823#pullrequestreview-2788928136

@aazizmoussa, that's normal.

RokeJulianLockhart avatar May 29 '25 18:05 RokeJulianLockhart