CVE-2017-9225
published 2017-05-24
Priority: P3 · 50 · critical · 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.08% · 86.0th percentile
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libonig | < libonig 6.1.3-2 (bookworm) | libonig 6.1.3-2 (bookworm) |
| oniguruma_project | oniguruma | — | — |
| php | php | <= 7.1.5 | — |
| ruby-lang | ruby | <= 2.4.1 | — |
CVSS provenance
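| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |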
Red Hat
vendor_redhat·2017-05-22·CVSS 9.8
CVE-2017-9225 [CRITICAL] CWE-121 oniguruma: Out-of-bounds stack write in onigenc_unicode_get_case_fold_codes_by_str() during regular expression compilation
Package: rh-ruby22-ruby (CloudForms Management Engine 5) - Under investigation
Package: ruby-200-ruby (CloudForms Management Engi
Debian
vendor_debian·2017·CVSS 9.8
CVE-2017-9225 [CRITICAL] CVE-2017-9225: libonig - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby thr...
Scope: local
bookworm: resolved (fixed in 6.1.3-2)
bullseye: resolved (fixed in 6.1.3-2)
forky: resolved (fixed in 6.1.3-2)
sid: resolved (fixed in 6.1.3-2)
trixie: resolved (fixed in 6.1.3-2)
GHSA
ghsa_unreviewed·2022-05-17
CVE-2017-9225 [CRITICAL] CWE-787 GHSA-24pf-h82m-5vvv: An issue was discovered in Oniguruma 6
OSV
osv·2017-05-24·CVSS 9.8
CVE-2017-9225 [CRITICAL] CVE-2017-9225: An issue was discovered in Oniguruma 6
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: th
Bugzilla
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 php: various flaws [fedora-all]
Bugzilla
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use
Bugzilla
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9225 [CRITICAL] CVE-2017-9225 oniguruma: Out-of-bounds stack write in onigenc_unicode_get_case_fold_codes_by_str() during regular expression compilation
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str()
occurs during regular expression compilation. Code point 0xFFFFFFFF is
not properly handled in unicode_unfold_key(). A malformed regular
expression could result in 4 bytes being written off the end of a stack
buffer of expand_case_fold_string() during the call to
onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer
overflow.
Upstream bug:
https://github.com/kkos/oniguruma/issues/56
Upstream patch:
https://github.com/kkos/oniguruma/commi
Bugzilla
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 ruby: various flaws [fedora-all]