CVE-2017-9229
published 2017-05-24CVE-2017-9229: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in…
PriorityP338high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
5.13%
91.3th percentile
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libonig | < libonig 6.1.3-2 (bookworm) | libonig 6.1.3-2 (bookworm) |
| oniguruma_project | oniguruma | — | — |
| php | php | <= 7.1.5 | — |
| php | php | >= 5.6.0 < 5.6.31 | 5.6.31 |
| php | php | >= 7.0.0 < 7.0.21 | 7.0.21 |
| php | php | >= 7.1.0 < 7.1.7 | 7.1.7 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.22 | 5.5.9+dfsg-1ubuntu4.22 |
| ruby-lang | ruby | <= 2.4.1 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-28pc-jv2f-hv8j: An issue was discovered in Oniguruma 6
ghsa_unreviewed·2022-05-14
CVE-2017-9229 [HIGH] CWE-476 GHSA-28pc-jv2f-hv8j: An issue was discovered in Oniguruma 6
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
OSV
php5, php7.0 vulnerabilities
osv·2017-08-10·CVSS 7.5
CVE-2015-8994 [HIGH] php5, php7.0 vulnerabilities
php5, php7.0 vulnerabilities
It was discovered that the PHP opcache created keys for files it cached
based on their filepath. A local attacker could possibly use this issue in
a shared hosting environment to obtain sensitive information. This issue
only affected Ubuntu 14.04 LTS. (CVE-2015-8994)
It was discovered that the PHP URL parser incorrectly handled certain URI
components. A remote attacker could possibly use this issue to bypass
hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-10397)
It was discovered that PHP incorrectly handled certain boolean parameters
when unserializing data. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2017-11143)
S
OSV
CVE-2017-9229: An issue was discovered in Oniguruma 6
osv·2017-05-24·CVSS 7.5
CVE-2017-9229 [HIGH] CVE-2017-9229: An issue was discovered in Oniguruma 6
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2017-12-18·CVSS 7.5
CVE-2016-10397 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
USN-3382-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that the PHP URL parser incorrectly handled certain URI
components. A remote attacker could possibly use this issue to bypass
hostname-specific URL checks. (CVE-2016-10397)
It was discovered that PHP incorrectly handled certain boolean parameters
when unserializing data. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2017-11143)
Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP
incorrectly handled the OpenSSL sealing function. A remote attacker could
possibly use thi
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2017-08-10·CVSS 7.5
CVE-2015-8994 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that the PHP opcache created keys for files it cached
based on their filepath. A local attacker could possibly use this issue in
a shared hosting environment to obtain sensitive information. This issue
only affected Ubuntu 14.04 LTS. (CVE-2015-8994)
It was discovered that the PHP URL parser incorrectly handled certain URI
components. A remote attacker could possibly use this issue to bypass
hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-10397)
It was discovered that PHP incorrectly handled certain boolean parameters
when unserializing data. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. This issue
Red Hat
oniguruma: Invalid pointer dereference in left_adjust_char_head()
vendor_redhat·2017-05-23·CVSS 7.5
CVE-2017-9229 [HIGH] CWE-787 oniguruma: Invalid pointer dereference in left_adjust_char_head()
oniguruma: Invalid pointer dereference in left_adjust_char_head()
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
Package: rh-ruby22-ruby (CloudForms Management Engine 5) - Under investigation
Package: ruby-200-ruby (CloudForms Management Engine 5) - Under investigation
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: ruby (Red Hat Enterprise Linux 5) - Will not fix
Package: oniguruma (Red Hat E
Debian
CVE-2017-9229: libonig - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby thr...
vendor_debian·2017·CVSS 7.5
CVE-2017-9229 [HIGH] CVE-2017-9229: libonig - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby thr...
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
Scope: local
bookworm: resolved (fixed in 6.1.3-2)
bullseye: resolved (fixed in 6.1.3-2)
forky: resolved (fixed in 6.1.3-2)
sid: resolved (fixed in 6.1.3-2)
trixie: resolved (fixed in 6.1.3-2)
No detection rules found.
No public exploits indexed.
HackerOne
PHP mbstring / Oniguruma multiple remote heap/stack corruptions
hackerone·2019-10-14·CVSS 9.8
[CRITICAL] PHP mbstring / Oniguruma multiple remote heap/stack corruptions
PHP mbstring / Oniguruma multiple remote heap/stack corruptions
Oniguruma [1] by K. Kosako is a BSD licensed regular expression library that supports a variety of character encodings. The Ruby programming language, in version 1.9, as well as PHP's multi-byte string module (since PHP5), use Oniguruma as their regular expression engine. It is also used in products such as Atom, Take Command Console, Tera Term, TextMate, Sublime Text and SubEthaEdit.
We've identified six remote memory corruption issues in Oniguruma that affect the latest stable release v6.2.0 and the develop branch, they have received upstream patch in the latest stable version v6.3.0; PHP upstream has now included 5 of the patches (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) that are applicab
Bugzilla
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [fedora-all]
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [fedora-all]
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: th
Bugzilla
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 php: various flaws [fedora-all]
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 php: various flaws [fedora-all]
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 php: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this iss
Bugzilla
CVE-2017-9229 oniguruma: Invalid pointer dereference in left_adjust_char_head()
bugzilla·2017-06-30·CVSS 7.5
CVE-2017-9229 [HIGH] CVE-2017-9229 oniguruma: Invalid pointer dereference in left_adjust_char_head()
CVE-2017-9229 oniguruma: Invalid pointer dereference in left_adjust_char_head()
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs
in left_adjust_char_head() during regular expression compilation.
Invalid handling of reg->dmax in forward_search_range() could result in
an invalid pointer dereference, normally as an immediate
denial-of-service condition.
Upstream bug:
https://github.com/kkos/oniguruma/issues/59
Upstream patch:
https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
Discussion:
Created oniguruma tracking bugs for this issue:
Affects: epel-7 [bug 1466750]
Affects: fedora-all [bug 1466752]
Created php tracking bugs for this issue:
Affects: fedora-all
Bugzilla
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [epel-7]
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [epel-7]
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use
Bugzilla
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 ruby: various flaws [fedora-all]
bugzilla·2017-06-30·CVSS 9.8
CVE-2017-9224 [CRITICAL] CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 ruby: various flaws [fedora-all]
CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 ruby: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this is
https://access.redhat.com/errata/RHSA-2018:1296https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402dhttps://github.com/kkos/oniguruma/issues/59https://access.redhat.com/errata/RHSA-2018:1296https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402dhttps://github.com/kkos/oniguruma/issues/59
2017-05-24
Published