CVE-2017-9226
oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
Un problema fue encontrado en Oniguruma versión 6.2.0, tal y como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. Un vulnerabilidad de lectura o escritura fuera de límites de la pila ocurre en la función next_state_val() durante la compilación de expresión regular. Los números octales mayores que 0xff no se manejan apropiadamente en fetch_token() y fetch_token_in_cc(). Una expresión regular malformada que contenga un número octal en forma de “\700” produciría un valor de punto de código no válido mayor que 0xff en next_state_val(), lo que daría como resultado una corrupción de memoria de escritura fuera de límites.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-24 CVE Reserved
- 2017-05-24 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/101244 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/kkos/oniguruma/issues/55 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a | 2022-07-20 | |
| https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6 | 2022-07-20 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:1296 | 2022-07-20 | |
| https://access.redhat.com/security/cve/CVE-2017-9226 | 2018-05-03 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1466736 | 2018-05-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oniguruma Project Search vendor "Oniguruma Project" | Oniguruma Search vendor "Oniguruma Project" for product "Oniguruma" | 6.2.0 Search vendor "Oniguruma Project" for product "Oniguruma" and version "6.2.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | < 5.6.31 Search vendor "Php" for product "Php" and version " < 5.6.31" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.0.0 < 7.0.21 Search vendor "Php" for product "Php" and version " >= 7.0.0 < 7.0.21" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.1.0 < 7.1.7 Search vendor "Php" for product "Php" and version " >= 7.1.0 < 7.1.7" | - |
Affected
| ||||||