CVE-2019-13224 – oniguruma: Use-after-free in onig_new_deluxe() in regext.c
https://notcve.org/view.php?id=CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. Un uso de memoria previamente liberada en la función onig_new_deluxe() en el archivo regext.c en Oniguruma versión 6.9.2, permite a los atacantes causar divulgación de información, denegación de servicio o posiblemente ejecución de código al proporcionar una expresión regular diseñada. El atacante provee un par patrones de expresión regular y una cadena, con una codificación de múltiples bytes que se maneja con la función onig_new_deluxe(). • https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW https://security.gentoo.org/glsa/201911-03 https://support.f5.com/csp/article/K00103182 https://support.f5.com/csp/article/K00103182?ut • CWE-416: Use After Free •
CVE-2019-13225 – oniguruma: NULL pointer dereference in match_at() in regexec.c
https://notcve.org/view.php?id=CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. Una desreferencia de puntero NULL en la función match_at() en el archivo regexec.c en Oniguruma versión 6.9.2, permite a los atacantes causar potencialmente una denegación de servicio al proporcionar una expresión regular diseñada. Los problemas de Oniguruma con frecuencia afectan a Ruby, así como a bibliotecas opcionales y comunes para PHP y Rust. • https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW https://security.gentoo.org/glsa/201911-03 https://access.redhat.com/security/cve/CVE-2019-13225 https://bugzilla.redhat.com/show_bug.cgi?id=1728965 • CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •
CVE-2017-9224 – oniguruma: Out-of-bounds stack read in match_at() during regular expression searching
https://notcve.org/view.php?id=CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. Un problema fue encontrado en Oniguruma versión 6.2.0, tal y como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. Una lectura fuera de límites de la pila ocurre en la función match_at() durante la búsqueda de expresión regular. • http://www.securityfocus.com/bid/101244 https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b https://github.com/kkos/oniguruma/issues/57 https://access.redhat.com/security/cve/CVE-2017-9224 https://bugzilla.redhat.com/show_bug.cgi?id=1466730 • CWE-125: Out-of-bounds Read •
CVE-2017-9225
https://notcve.org/view.php?id=CVE-2017-9225
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. Se descubrió un problema en Oniguruma versión 6.2.0, tal como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. • https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f https://github.com/kkos/oniguruma/issues/56 • CWE-787: Out-of-bounds Write •
CVE-2017-9226 – oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation
https://notcve.org/view.php?id=CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. Un problema fue encontrado en Oniguruma versión 6.2.0, tal y como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. • http://www.securityfocus.com/bid/101244 https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6 https://github.com/kkos/oniguruma/issues/55 https://access.redhat.com/security/cve/CVE-2017-9226 https://bugzilla.redhat.com/show_bug.cgi?id=1466736 • CWE-787: Out-of-bounds Write •