ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
An out-of-bounds read vulnerability was found in the way Oniguruma handled regular expressions with GB18030 character encoding. A UChar pointer is dereferenced without checking if it passed the end of the matched string, leading to a heap-based buffer over-read. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, might crash the application causing a denial of service.
ΠΡΡΠ΅Ρ
This flaw did not affect the versions of Oniguruma (embedded in php) as shipped with Red Hat Enterprise Linux 5, as they did not include support for GB18030 character encoding, which was introduced in a later version of the library. The versions of Ruby as shipped with Red Hat Enterprise Linux and Red Hat Software Collections 3 do not use Oniguruma but rather Onigmo, a regular expressions library forked from Oniguruma focusing on new expressions supported in Perl 5.10+. Those versions are affected by this flaw because both Onigmo and Oniguruma share the same vulnerable code. However, Ruby does perform additional checks which prevent the vulnerable code path to be easily reached, hence lowering the severity of the flaw.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΠ°ΠΊΠ΅ΡΡ
| ΠΠ»Π°ΡΡΠΎΡΠΌΠ° | ΠΠ°ΠΊΠ΅Ρ | Π‘ΠΎΡΡΠΎΡΠ½ΠΈΠ΅ | Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°ΡΠΈΡ | Π Π΅Π»ΠΈΠ· |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | oniguruma | Out of support scope | ||
| Red Hat Enterprise Linux 6 | php | Out of support scope | ||
| Red Hat Enterprise Linux 7 | php | Will not fix | ||
| Red Hat Enterprise Linux 7 | ruby | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php:7.2/php | Will not fix | ||
| Red Hat Enterprise Linux 8 | ruby:2.5/ruby | Fix deferred | ||
| Red Hat Enterprise Linux 8 | ruby:2.6/ruby | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | oniguruma | Will not fix |
ΠΠΎΠΊΠ°Π·ΡΠ²Π°ΡΡ ΠΏΠΎ
Π‘ΡΡΠ»ΠΊΠΈ Π½Π° ΠΈΡΡΠΎΡΠ½ΠΈΠΊΠΈ
ΠΠΎΠΏΠΎΠ»Π½ΠΈΡΠ΅Π»ΡΠ½Π°Ρ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡ
Π‘ΡΠ°ΡΡΡ:
EPSS
7.5 High
CVSS3
Π‘Π²ΡΠ·Π°Π½Π½ΡΠ΅ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡΡ ΡΡΠ½ΠΊΡΠΈΠΈ gb18030_mbc_enc_len Π±ΠΈΠ±Π»ΠΈΠΎΡΠ΅ΠΊΠΈ ΡΠ΅Π³ΡΠ»ΡΡΠ½ΡΡ Π²ΡΡΠ°ΠΆΠ΅Π½ΠΈΠΉ Oniguruma, ΡΠ²ΡΠ·Π°Π½Π½Π°Ρ Ρ ΡΡΠ΅Π½ΠΈΠ΅ΠΌ Π·Π° Π΄ΠΎΠΏΡΡΡΠΈΠΌΡΠΌΠΈ Π³ΡΠ°Π½ΠΈΡΠ°ΠΌΠΈ Π±ΡΡΠ΅ΡΠ° Π΄Π°Π½Π½ΡΡ , ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡΡΠ°Ρ Π½Π°ΡΡΡΠΈΡΠ΅Π»Ρ Π²ΡΠ·Π²Π°ΡΡ ΠΎΡΠΊΠ°Π· Π² ΠΎΠ±ΡΠ»ΡΠΆΠΈΠ²Π°Π½ΠΈΠΈ
EPSS
7.5 High
CVSS3