CVE-2017-9224
Published 2017-05-24
Priority P349 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.54% (93.0th percentile)
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libonig | < libonig 6.1.3-2 (bookworm) | libonig 6.1.3-2 (bookworm) |
| oniguruma_project | oniguruma | — | — |
| php | php | < 5.6.31 | 5.6.31 |
| php | php | >= 7.0.0 < 7.0.21 | 7.0.21 |
| php | php | >= 7.1.0 < 7.1.7 | 7.1.7 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.22 | 5.5.9+dfsg-1ubuntu4.22 |
CVSS provenance
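| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 7.5 | HIGH | |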
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2017-12-18·CVSS 7.5
CVE-2016-10397 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
USN-3382-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that the PHP URL parser incorrectly handled certain URI
components. A remote attacker could possibly use this issue to bypass
hostname-specific URL checks. (CVE-2016-10397)
It was discovered that PHP incorrectly handled certain boolean parameters
when unserializing data. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2017-11143)
Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP
incorrectly handled the OpenSSL sealing function. A remote attacker could
possibly use thi
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2017-08-10·CVSS 7.5
CVE-2015-8994 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that the PHP opcache created keys for files it cached
based on their filepath. A local attacker could possibly use this issue in
a shared hosting environment to obtain sensitive information. This issue
only affected Ubuntu 14.04 LTS. (CVE-2015-8994)
It was discovered that the PHP URL parser incorrectly handled certain URI
components. A remote attacker could possibly use this issue to bypass
hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-10397)
It was discovered that PHP incorrectly handled certain boolean parameters
when unserializing data. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. This issue
Red Hat
oniguruma: Out-of-bounds stack read in match_at() during regular expression searching
vendor_redhat·2017-05-22·CVSS 9.8
CVE-2017-9224 [CRITICAL] CWE-125 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
Package: rh-ruby22-ruby (CloudForms Management Engine 5) - Under investigation
Package: ruby-200-ruby (CloudForms Management Engine 5) - Under investigation
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: ruby (Red Hat Enterprise Linux 5) - Will not fix
Package: oniguruma (Red Hat Enterpr
Debian
CVE-2017-9224: libonig - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby thr...
vendor_debian·2017·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224: libonig - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby thr...
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
Scope: local
bookworm: resolved (fixed in 6.1.3-2)
bullseye: resolved (fixed in 6.1.3-2)
forky: resolved (fixed in 6.1.3-2)
sid: resolved (fixed in 6.1.3-2)
trixie: resolved (fixed in 6.1.3-2)
GHSA
GHSA-r2wq-r394-96mf: An issue was discovered in Oniguruma 6
ghsa_unreviewed·2022-05-14
CVE-2017-9224 [CRITICAL] CWE-125 GHSA-r2wq-r394-96mf: An issue was discovered in Oniguruma 6
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
OSV
php5, php7.0 vulnerabilities
osv·2017-08-10·CVSS 7.5
CVE-2015-8994 [HIGH] php5, php7.0 vulnerabilities
It was discovered that the PHP opcache created keys for files it cached
based on their filepath. A local attacker could possibly use this issue in
a shared hosting environment to obtain sensitive information. This issue
only affected Ubuntu 14.04 LTS. (CVE-2015-8994)
It was discovered that the PHP URL parser incorrectly handled certain URI
components. A remote attacker could possibly use this issue to bypass
hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-10397)
It was discovered that PHP incorrectly handled certain boolean parameters
when unserializing data. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2017-11143)
S
OSV
CVE-2017-9224: An issue was discovered in Oniguruma 6
osv·2017-05-24·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224: An issue was discovered in Oniguruma 6
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
No detection rules found.
No public exploits indexed.
HackerOne
PHP mbstring / Oniguruma multiple remote heap/stack corruptions
hackerone·2019-10-14·CVSS 9.8
[CRITICAL] PHP mbstring / Oniguruma multiple remote heap/stack corruptions
Oniguruma [1] by K. Kosako is a BSD licensed regular expression library that supports a variety of character encodings. The Ruby programming language, in version 1.9, as well as PHP's multi-byte string module (since PHP5), use Oniguruma as their regular expression engine. It is also used in products such as Atom, Take Command Console, Tera Term, TextMate, Sublime Text and SubEthaEdit.
We've identified six remote memory corruption issues in Oniguruma that affect the latest stable release v6.2.0 and the develop branch, they have received upstream patch in the latest stable version v6.3.0; PHP upstream has now included 5 of the patches (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) that are applicab
Bugzilla
CVE-2017-9224 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
Upstream bug:
https://github.com/kkos/oniguruma/issues/57
Upstream patch:
https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
Discussion:
Created oniguruma tracking bugs for this issue:
Affects: epel-7 [bug 1466750]
Affects: fedora-all [bug 1466752]
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1
Bugzilla
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [fedora-all]
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: th
Bugzilla
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 php: various flaws [fedora-all]
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 php: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this iss
Bugzilla
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [epel-7]
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use
Bugzilla
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 ruby: various flaws [fedora-all]
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 ruby: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this is
http://www.securityfocus.com/bid/101244
https://access.redhat.com/errata/RHSA-2018:1296
https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
https://github.com/kkos/oniguruma/issues/57
Published: 2017-05-24