Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-9227

Опубликовано: 24 мая 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.6.0 (включая) до 5.6.31 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.0.21 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 7.1.0 (включая) до 7.1.7 (исключая)

EPSS

Процентиль: 64%
0.00488
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2017-9227

CVSS3: 9.8
ubuntu
около 8 лет назад

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.

redhat логотип

CVE-2017-9227

CVSS3: 5.9
redhat
около 8 лет назад

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.

debian логотип

CVE-2017-9227

CVSS3: 9.8
debian
около 8 лет назад

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...

github логотип

GHSA-vpg4-mfvr-xc5c

CVSS3: 9.8
github
около 3 лет назад

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.

fstec логотип

BDU:2017-01840

fstec
около 8 лет назад

Уязвимость библиотеки Oniguruma, связанная с использованием неинициализированной переменной и позволяющая нарушителю осуществить чтение за границами буфера в динамической памяти

EPSS

Процентиль: 64%
0.00488
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125