Published: 24/05/2017 Updated: 02/06/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oniguruma project oniguruma 6.2.0
php php
ruby-lang ruby

Debian Bug report logs - #863314 libonig: CVE-2017-9226 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:42:01 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...

Debian Bug report logs - #863316 libonig: CVE-2017-9228 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:45:04 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...

Debian Bug report logs - #863312 libonig: CVE-2017-9224 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:36:10 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...

Debian Bug report logs - #863313 libonig: CVE-2017-9225 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:39:02 UTC Severity: important Tags: patch, security, upstream Found in version libonig/6 ...

Debian Bug report logs - #863318 libonig: CVE-2017-9229 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:48:04 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...

Debian Bug report logs - #863315 libonig: CVE-2017-9227 Package: src:libonig; Maintainer for src:libonig is Jörg Frings-Fürst <debian@jffemail>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 May 2017 11:45:01 UTC Severity: important Tags: patch, security, upstream Found in version libonig/5 ...

ALAS-2018-946 Amazon Linux 2 Security Advisory: ALAS-2018-946 Advisory Release Date: 2018-02-07 17:29 Pacific Advisory Updated Date: 2018-02-07 18:33 Pacifi ...

CWE-787 https://github.com/kkos/oniguruma/issues/56 https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863314

CVE-2017-9225

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect