Описание
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
Пакеты
Пакет | Статус | Версия исправления | Релиз | Тип |
---|---|---|---|---|
libonig | fixed | 6.9.4-1 | package | |
libonig | no-dsa | buster | package | |
libonig | ignored | jessie | package |
Примечания
https://github.com/kkos/oniguruma/issues/163
https://github.com/kkos/oniguruma/commit/aa0188eaedc056dca8374ac03d0177429b495515 (v6.9.4_rc2)
Only exploitable with attacker-provided pattern
EPSS
Связанные уязвимости
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
Уязвимость функции gb18030_mbc_enc_len библиотеки регулярных выражений Oniguruma, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS