CVE-2017-9224

Published: 5/24/2017 Last updated: 8/5/2024 Reserved: 5/24/2017

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-oniguruma

Products affected (1)

Product	Vendor	Version
n/a	n/a	v2.0.03P and earlier

References (8)

http://www.securityfocus.com/bid/101244
https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
https://access.redhat.com/errata/RHSA-2018:1296
https://github.com/kkos/oniguruma/issues/57
http://www.securityfocus.com/bid/101244
https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
https://access.redhat.com/errata/RHSA-2018:1296
https://github.com/kkos/oniguruma/issues/57