Description
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 6.9.4-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 6.7.0-1ubuntu0.1~esm2 |
| esm-apps/xenial | released | 5.9.6-1ubuntu0.1+esm2 |
| esm-infra-legacy/trusty | released | 5.9.1-1ubuntu1.1+esm2 |
| esm-infra/focal | not-affected | 6.9.4-1 |
| focal | not-affected | 6.9.4-1 |
| groovy | not-affected | 6.9.4-1 |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
A vulnerability in the fetch_interval_quantifier function of the Oniguruma regular expression library, related to reading beyond the permitted bounds of a data buffer, which allows an attacker to cause a denial of service.