Description
Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c.
An out-of-bounds read vulnerability was found in Onigmo in the way it handled wide characters in regular expressions. A remote attacker could exploit this flaw by providing a malformed regular expression that, when processed by an application linked to Onigmo, would crash the application and cause a denial of service.
Statement
This flaw does not affect the versions of oniguruma as shipped with Red Hat Enterprise Linux 6, and 8 as they already include the patch. The same is true for the versions of oniguruma (embedded in php:7.2/php and php:7.3/php) as shipped with Red Hat Enterprise Linux 8, and the versions of oniguruma (embedded in rh-php72-php and rh-php73-php) as shipped with Red Hat Software Collections 3. This flaw did not affect the versions of oniguruma (embedded in php) as shipped with Red Hat Enterprise Linux 6, and 7 as they did not include the vulnerable code.
Affected packages

| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | | |
| Red Hat Enterprise Linux 5 | php53 | Not affected | | |
| Red Hat Enterprise Linux 6 | oniguruma | Not affected | | |
| Red Hat Enterprise Linux 6 | php | Not affected | | |
| Red Hat Enterprise Linux 7 | php | Not affected | | |
| Red Hat Enterprise Linux 7 | ruby | Will not fix | | |
| Red Hat Enterprise Linux 8 | oniguruma | Not affected | | |
| Red Hat Enterprise Linux 8 | php:7.2/php | Not affected | | |
| Red Hat Enterprise Linux 8 | php:7.3/php | Not affected | | |
| Red Hat Enterprise Linux 8 | ruby:2.5/ruby | Will not fix | | |
Additional information

Status:
EPSS:
CVSS3: 7.5 High