PRIOn knowledge basePRION:CVE-2017-9229

HistoryMay 24, 2017 - 3:29 p.m.

Race condition

2017-05-2415:29:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.

CPENameOperatorVersion
onigurumaeq6.2.0
phple7.1.5
phpge7.1.0
phplt7.1.7
phpge7.0.0
phplt7.0.21
phpge5.6.0
phplt5.6.31
rubyle2.4.1

Name	Operator	Version
oniguruma	eq	6.2.0
php	le	7.1.5
php	ge	7.1.0
php	lt	7.1.7
php	ge	7.0.0
php	lt	7.0.21
php	ge	5.6.0
php	lt	5.6.31
ruby	le	2.4.1

References

access.redhat.com/errata/RHSA-2018:1296

github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d

github.com/kkos/oniguruma/issues/59