Описание
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
An integer overflow vulnerability leading to an out-of-bounds read was found in the way Oniguruma handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could crash the application, causing a denial of service.
Отчет
This flaw only affected 32-bit compiled versions of Oniguruma. Therefore it did not affect the following 64-bit versions:
- PHP and Ruby as shipped with Red Hat Enterprise Linux 7.
- PHP and Ruby as shipped with Red Hat Software Collections 3.
- PHP as shipped with Red Hat Enterprise Linux 8.
- OpenShift containers: openshift4/ose-metering-hadoop, openshift4/ose-metering-hive, openshift4/ose-metering-presto.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Out of support scope | ||
| Red Hat Enterprise Linux 5 | php53 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | oniguruma | Out of support scope | ||
| Red Hat Enterprise Linux 6 | php | Out of support scope | ||
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat Enterprise Linux 7 | ruby | Not affected | ||
| Red Hat Enterprise Linux 8 | php:7.2/php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:7.3/php | Not affected | ||
| Red Hat Enterprise Linux 8 | ruby:2.6/ruby | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | oniguruma | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
An integer overflow in the search_in_range function in regexec.c in On ...
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
Уязвимость функции search_in_range библиотеки для регулярных выражений Oniguruma, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
7.5 High
CVSS3