Описание
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-26159
- https://github.com/kkos/oniguruma/issues/207
- https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
- https://lists.debian.org/debian-lts-announce/2021/01/msg00025.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZCUPCKJNSUHQMXXZBRNDDGQQLBJ2ACT
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NHVR7X5ZLXUGW3PBCPQMNFQ3OJCSMQD
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUJY7BUIFBTZ3IUHVHCID4JYCRDGKPS
- http://www.openwall.com/lists/oss-security/2020/09/30/7
CVE ID
Дефекты
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none
A flaw was found in oniguruma. An attacker, able to supply a regular expression for compilation, may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none
