Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2017-9224

Published: 24/05/2017 Updated: 20/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Oniguruma Project

Vulnerability Summary

An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oniguruma project oniguruma 6.2.0

php php

Vendor Advisories

Red Hat: Moderate: rh-php70-php security, bug fix, and enhancement update
Synopsis Moderate: rh-php70-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php70-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...
Ubuntu Security Notice: php5, php7.0 vulnerabilities
Several security issues were fixed in PHP ...
Ubuntu Security Notice: php5 vulnerabilities
Several security issues were fixed in PHP ...
Debian CVElist Bug Report Logs: libonig: CVE-2017-9226
Debian Bug report logs - #863314 libonig: CVE-2017-9226 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:42:01 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...
Debian CVElist Bug Report Logs: libonig: CVE-2017-9228
Debian Bug report logs - #863316 libonig: CVE-2017-9228 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:45:04 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...
Debian CVElist Bug Report Logs: libonig: CVE-2017-9224
Debian Bug report logs - #863312 libonig: CVE-2017-9224 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:36:10 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...
Debian CVElist Bug Report Logs: libonig: CVE-2017-9225
Debian Bug report logs - #863313 libonig: CVE-2017-9225 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:39:02 UTC Severity: important Tags: patch, security, upstream Found in version libonig/6 ...
Debian CVElist Bug Report Logs: libonig: CVE-2017-9229
Debian Bug report logs - #863318 libonig: CVE-2017-9229 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:48:04 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...
Debian CVElist Bug Report Logs: libonig: CVE-2017-9227
Debian Bug report logs - #863315 libonig: CVE-2017-9227 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:45:01 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...
Amazon Linux 2: ALAS2-2023-2217
An issue was discovered in Oniguruma 620, as used in Oniguruma-mod in Ruby through 241 and mbstring in PHP through 715 A stack out-of-bounds read occurs in match_at() during regular expression searching A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer (CVE-2017 ...
Amazon Linux 2: ALAS2-2023-2201
An issue was discovered in Oniguruma 620, as used in Oniguruma-mod in Ruby through 241 and mbstring in PHP through 715 A stack out-of-bounds read occurs in match_at() during regular expression searching A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer (CVE-2017 ...
Amazon Linux AMI: ALAS-2017-871
Out-of-bounds heap write in bitset_set_range()An issue was discovered in Oniguruma 620, as used in Oniguruma-mod in Ruby through 241 and mbstring in PHP through 715 A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition An incorrect st ...
Amazon Linux AMI: ALAS-2023-1824
An issue was discovered in Oniguruma 620, as used in Oniguruma-mod in Ruby through 241 and mbstring in PHP through 715 A stack out-of-bounds read occurs in match_at() during regular expression searching A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer (CVE-2017 ...
Amazon Linux AMI: ALAS-2017-867
Out-of-bounds heap write in bitset_set_range():An issue was discovered in Oniguruma 620, as used in Oniguruma-mod in Ruby through 241 and mbstring in PHP through 715 A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition An incorrect s ...

References

CWE-125https://github.com/kkos/oniguruma/issues/57https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059bhttps://access.redhat.com/errata/RHSA-2018:1296http://www.securityfocus.com/bid/101244https://access.redhat.com/errata/RHSA-2018:1296https://nvd.nist.govhttps://usn.ubuntu.com/3382-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook