CVE-2017-9226 – oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation
https://notcve.org/view.php?id=CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. Un problema fue encontrado en Oniguruma versión 6.2.0, tal y como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. • http://www.securityfocus.com/bid/101244 https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6 https://github.com/kkos/oniguruma/issues/55 https://access.redhat.com/security/cve/CVE-2017-9226 https://bugzilla.redhat.com/show_bug.cgi?id=1466736 • CWE-787: Out-of-bounds Write •
CVE-2017-9229 – oniguruma: Invalid pointer dereference in left_adjust_char_head()
https://notcve.org/view.php?id=CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Se descubrió un problema en Oniguruma versión 6.2.0, como es usado en Oniguruma-mod en Ruby hasta versión 2.4.1 y mbstring en PHP hasta versión 7.1.5. Un SIGSEGV se produce en la función left_adjust_char_head() durante la compilación de expresiones regulares. • https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d https://github.com/kkos/oniguruma/issues/59 https://access.redhat.com/security/cve/CVE-2017-9229 https://bugzilla.redhat.com/show_bug.cgi?id=1466746 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVE-2017-9227 – oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching
https://notcve.org/view.php?id=CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. Se ha descubierto un problema en Oniguruma 6.2.0, como se empleaba en Oniguruma-mod en Ruby hasta la versión 2.4.1 y en mbstring en PHP hasta la versión 7.1.5. Una lectura de pila fuera de límites tiene lugar en mbc_enc_len() durante una búsqueda de expresión regular. • http://www.securityfocus.com/bid/100538 https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 https://github.com/kkos/oniguruma/issues/58 https://access.redhat.com/security/cve/CVE-2017-9227 https://bugzilla.redhat.com/show_bug.cgi?id=1466739 • CWE-125: Out-of-bounds Read •
CVE-2017-9228 – oniguruma: Out-of-bounds heap write in bitset_set_range()
https://notcve.org/view.php?id=CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. Se descubrió un problema en Oniguruma versión 6.2.0, tal como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. Se produce una escritura fuera del límite de la pila en bitset_set_range() durante la compilación de expresiones regulares debido a una variable no inicializada de una transición de estado incorrecta. • https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b https://github.com/kkos/oniguruma/issues/60 https://access.redhat.com/security/cve/CVE-2017-9228 https://bugzilla.redhat.com/show_bug.cgi?id=1466740 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2017-9067
https://notcve.org/view.php?id=CVE-2017-9067
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. En MODX Revolution anterior a versión 2.5.7, cuando se utiliza PHP versión 5.3.3, un atacante es capaz de incluir y ejecutar archivos arbitrarios en el servidor web debido a la comprobación insuficiente del parámetro action en el archivo setup/index.php, también se conoce como salto de directorio. • https://citadelo.com/en/2017/04/modx-revolution-cms https://github.com/modxcms/revolution/pull/13422 https://github.com/modxcms/revolution/pull/13428 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •