Description
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
Report
This vulnerability is rated as moderate. The flaw is a heap-based buffer over-read (not an overflow) in Oniguruma's str_lower_case_match in regexec.c: the case-insensitive comparison reads past the end of the subject buffer. The practical consequence is an application crash (denial of service); because the bug only reads memory, it does not by itself give an attacker a write primitive, and code execution is not a direct consequence. Exploitation also depends on specific conditions, chiefly whether the application compiles or matches attacker-controlled regular expressions or runs untrusted input through case-insensitive patterns, which limits the overall impact in most deployments.
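The following is an added illustration of the bug class named above, written for this page; it is not Oniguruma's code and does not reproduce the actual defect in regexec.c. It shows an ASCII-only case-insensitive comparison of the kind str_lower_case_match performs (the pattern side already lower-cased, the subject folded byte by byte during matching) with the bound check that keeps the subject pointer inside its buffer. Removing the `subject >= subject_end` test is the shape of a heap over-read: a pattern longer than the bytes remaining in the subject would drive the loop past the end of the allocation. The function names `lower_case_match_bounded`, `match_at` and `find_ci` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical ASCII-only illustration (not Oniguruma's code).
 * `pattern` is assumed to be lower-cased already, as a regex compiler
 * would do for a case-insensitive literal; `subject` is folded on the
 * fly. Every read of the subject is guarded by `subject_end`. */
static int lower_case_match_bounded(const unsigned char *subject,
                                    const unsigned char *subject_end,
                                    const unsigned char *pattern,
                                    size_t pattern_len)
{
    const unsigned char *pattern_end = pattern + pattern_len;

    while (pattern < pattern_end) {
        /* The check that prevents the over-read: if the subject is
         * exhausted before the pattern is, there can be no match.
         * Without it, *subject below would read past the buffer. */
        if (subject >= subject_end)
            return 0;
        if ((unsigned char)tolower(*subject) != *pattern)
            return 0;
        subject++;
        pattern++;
    }
    return 1;
}

/* Does the lower-cased `pattern` match `subject` case-insensitively
 * starting at byte offset `pos`? Returns 1 on match, 0 otherwise. */
int match_at(const char *subject, size_t pos, const char *pattern)
{
    size_t slen = strlen(subject);

    if (pos > slen)
        return 0;
    return lower_case_match_bounded((const unsigned char *)subject + pos,
                                    (const unsigned char *)subject + slen,
                                    (const unsigned char *)pattern,
                                    strlen(pattern));
}

/* Scan for the first offset at which `pattern` matches, or -1.
 * Deliberately tries every offset up to the end of the subject so that
 * the inner bound check, not the caller, is what stops the over-read. */
long find_ci(const char *subject, const char *pattern)
{
    size_t slen = strlen(subject);
    size_t pos;

    for (pos = 0; pos <= slen; pos++) {
        if (match_at(subject, pos, pattern))
            return (long)pos;
    }
    return -1;
}
```

A practitioner testing a patched build can use the same idea with the real engine: match a case-insensitive literal that is longer than the remaining subject under AddressSanitizer (or Valgrind) and confirm that no read beyond the subject allocation is reported.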
Affected packages
Platform | Package | State | Recommendation | Release
---|---|---|---|---
Red Hat Enterprise Linux 6 | oniguruma | Out of support scope | |
Red Hat Enterprise Linux 6 | php | Out of support scope | |
Red Hat Enterprise Linux 7 | php | Affected | |
Red Hat Enterprise Linux 8 | oniguruma | Affected | |
Red Hat Enterprise Linux 8 | php:7.2/php | Affected | |
Red Hat Enterprise Linux 8 | ruby:2.5/ruby | Affected | |
Red Hat Enterprise Linux 8 | ruby:2.6/ruby | Affected | |
Red Hat OpenShift Container Platform 4 | oniguruma | Will not fix | |
Red Hat Software Collections | rh-php72-php | Affected | |
Red Hat Software Collections | rh-ruby24-ruby | Affected | |
Additional information
Status:
CVSS3: 6.5 Medium
EPSS:
Related vulnerabilities
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
Vulnerability in the str_lower_case_match component of the Oniguruma regular expression library, caused by a read beyond the bounds of a data buffer, allowing an attacker to cause a denial of service.