// For flags

CVE-2017-9226

oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.

Un problema fue encontrado en Oniguruma versión 6.2.0, tal y como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. Un vulnerabilidad de lectura o escritura fuera de límites de la pila ocurre en la función next_state_val() durante la compilación de expresión regular. Los números octales mayores que 0xff no se manejan apropiadamente en fetch_token() y fetch_token_in_cc(). Una expresión regular malformada que contenga un número octal en forma de “\700” produciría un valor de punto de código no válido mayor que 0xff en next_state_val(), lo que daría como resultado una corrupción de memoria de escritura fuera de límites.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-05-24 CVE Reserved
  • 2017-05-24 CVE Published
  • 2023-05-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oniguruma Project
Search vendor "Oniguruma Project"
Oniguruma
Search vendor "Oniguruma Project" for product "Oniguruma"
6.2.0
Search vendor "Oniguruma Project" for product "Oniguruma" and version "6.2.0"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
< 5.6.31
Search vendor "Php" for product "Php" and version " < 5.6.31"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
>= 7.0.0 < 7.0.21
Search vendor "Php" for product "Php" and version " >= 7.0.0 < 7.0.21"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
>= 7.1.0 < 7.1.7
Search vendor "Php" for product "Php" and version " >= 7.1.0 < 7.1.7"
-
Affected