CVE-2017-6181
Published 2017-04-03
Priority: P432 · Severity: high · CVSS 3.0 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 3.65% (percentile 88.2)
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruby-lang | ruby | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |
Red Hat
CVE-2017-6181 [HIGH] CWE-674: ruby: Stack overflow in parse_char_class() in Onigmo
Source: vendor_redhat · 2017-02-20 · CVSS 7.5
An unbounded recursion flaw was found in the way Ruby handled regular expressions. A specially crafted regular expression could be used by an attacker to crash a Ruby application processing such crafted input.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates
GHSA
CVE-2017-6181 [HIGH] CWE-20 GHSA-5pfp-rwpx-xgfx: The parse_char_class function in regparse
Source: ghsa_unreviewed · 2022-05-17
No detection rules found.
No public exploits indexed.
References
- http://www.securityfocus.com/bid/97304
- https://bugs.ruby-lang.org/issues/13234
- https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660