7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.9%
Package : libonig
Version : 5.9.1-1+deb7u1
CVE ID : CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228
CVE-2017-9229
Debian Bug : 863312 863314 863315 863316 863318
CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in match_at() during regular expression
searching. A logical error involving order of validation and access in
match_at() could result in an out-of-bounds read from a stack buffer.
CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write or read occurs in next_state_val() during regular
expression compilation. Octal numbers larger than 0xff are not handled
correctly in fetch_token() and fetch_token_in_cc(). A malformed regular
expression containing an octal number in the form of '\700' would
produce an invalid code point value larger than 0xff in
next_state_val(), resulting in an out-of-bounds write memory
corruption.
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in mbc_enc_len() during regular expression
searching. Invalid handling of reg->dmin in forward_search_range()
could result in an invalid pointer dereference, as an out-of-bounds
read from a stack buffer.
CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write occurs in bitset_set_range() during regular
expression compilation due to an uninitialized variable from an
incorrect state transition. An incorrect state transition in
parse_char_class() could create an execution path that leaves a
critical local variable uninitialized until it's used as an index,
resulting in an out-of-bounds write memory corruption.
CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs
in left_adjust_char_head() during regular expression compilation.
Invalid handling of reg->dmax in forward_search_range() could result in
an invalid pointer dereference, normally as an immediate
denial-of-service condition.
For Debian 7 "Wheezy", these problems have been fixed in version
5.9.1-1+deb7u1.
We recommend that you upgrade your libonig packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | all | libonig | < 5.9.5-3.2+deb8u1 | libonig_5.9.5-3.2+deb8u1_all.deb |
Debian | 7 | i386 | libonig2-dbg | < 5.9.1-1+deb7u1 | libonig2-dbg_5.9.1-1+deb7u1_i386.deb |
Debian | 7 | amd64 | libonig2 | < 5.9.1-1+deb7u1 | libonig2_5.9.1-1+deb7u1_amd64.deb |
Debian | 8 | amd64 | libonig-dev | < 5.9.5-3.2+deb8u1 | libonig-dev_5.9.5-3.2+deb8u1_amd64.deb |
Debian | 8 | arm64 | libonig-dev | < 5.9.5-3.2+deb8u1 | libonig-dev_5.9.5-3.2+deb8u1_arm64.deb |
Debian | 8 | powerpc | libonig2-dbg | < 5.9.5-3.2+deb8u1 | libonig2-dbg_5.9.5-3.2+deb8u1_powerpc.deb |
Debian | 8 | mips | libonig2-dbg | < 5.9.5-3.2+deb8u1 | libonig2-dbg_5.9.5-3.2+deb8u1_mips.deb |
Debian | 8 | amd64 | libonig2-dbg | < 5.9.5-3.2+deb8u1 | libonig2-dbg_5.9.5-3.2+deb8u1_amd64.deb |
Debian | 7 | all | libonig | < 5.9.1-1+deb7u1 | libonig_5.9.1-1+deb7u1_all.deb |
Debian | 8 | i386 | libonig-dev | < 5.9.5-3.2+deb8u1 | libonig-dev_5.9.5-3.2+deb8u1_i386.deb |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.9%