CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-9226 – oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation
https://notcve.org/view.php?id=CVE-2017-9226
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bou... • http://www.securityfocus.com/bid/101244 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-9228 – oniguruma: Out-of-bounds heap write in bitset_set_range()
https://notcve.org/view.php?id=CVE-2017-9228
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. Se d... • https://access.redhat.com/errata/RHSA-2018:1296 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2017-9229 – oniguruma: Invalid pointer dereference in left_adjust_char_head()
https://notcve.org/view.php?id=CVE-2017-9229
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Se descubrió un problema en Oniguruma versión 6.2.0, como es usado en Oniguruma-mod en Ruby hasta versión 2.4.1 y mbstring en PHP hasta versión 7... • https://access.redhat.com/errata/RHSA-2018:1296 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-9224 – oniguruma: Out-of-bounds stack read in match_at() during regular expression searching
https://notcve.org/view.php?id=CVE-2017-9224
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. Un problema fue encontrado en Oniguruma versión 6.2.0, tal y como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. Una le... • http://www.securityfocus.com/bid/101244 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-9225
https://notcve.org/view.php?id=CVE-2017-9225
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), ... • https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-9227 – oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching
https://notcve.org/view.php?id=CVE-2017-9227
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. Se ha descubierto un problema en Oniguruma 6.2.0, como se empleaba en Oniguruma-mod en Ruby hasta la versión 2.4.1 y en mbstring en PHP hasta la ver... • http://www.securityfocus.com/bid/100538 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-9119 – Ubuntu Security Notice USN-5300-3
https://notcve.org/view.php?id=CVE-2017-9119
21 May 2017 — The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. La función i_zval_ptr_dtor en el archivo Zend/zend_variables.h en PHP versión 7.1.5 permite a los atacantes causar una denegación de servicio (consumo de memoria y bloqueo de aplicación) o posiblemente tener otro impacto sin especificar al desencadenar op... • http://www.securityfocus.com/bid/98596 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8923 – Ubuntu Security Notice USN-5300-3
https://notcve.org/view.php?id=CVE-2017-8923
12 May 2017 — The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. La función zend_string_extend en el archivo Zend/zend_string.h en PHP hasta de la versión 7.1.5 no impide cambios en los objetos de cadena que resultan en una longitud negativa, lo que... • http://www.securityfocus.com/bid/98518 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7963
https://notcve.org/view.php?id=CVE-2017-7963
19 Apr 2017 — The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior. ** DISP... • https://bugs.php.net/bug.php?id=74308 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6441
https://notcve.org/view.php?id=CVE-2017-6441
03 Apr 2017 — The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only. ** EN DISPUTA ** El _zval_get_long_func_ex en Zend/zend_operators.c en PHP 7.1.2 permite a atacantes provocar una denegación de... • https://bugs.php.net/bug.php?id=74146 • CWE-476: NULL Pointer Dereference •