Описание
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 6.3.0-1 |
| devel | released | 6.3.0-1 |
| esm-apps/bionic | released | 6.3.0-1 |
| esm-apps/xenial | released | 5.9.6-1ubuntu0.1 |
| esm-infra-legacy/trusty | released | 5.9.1-1ubuntu1.1 |
| precise/esm | DNE | |
| trusty | released | 5.9.1-1ubuntu1.1 |
| trusty/esm | released | 5.9.1-1ubuntu1.1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | released | 5.5.9+dfsg-1ubuntu4.22 |
| precise/esm | not-affected | 5.3.10-1ubuntu3.28 |
| trusty | released | 5.5.9+dfsg-1ubuntu4.22 |
| trusty/esm | released | 5.5.9+dfsg-1ubuntu4.22 |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | released | 7.0.22-0ubuntu0.16.04.1 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 7.1.8-1ubuntu1 |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
Уязвимость библиотеки Oniguruma, связанная с использованием неинициализированной переменной и позволяющая нарушителю осуществить чтение за границами буфера в динамической памяти
7.5 High
CVSS2
9.8 Critical
CVSS3