Lucene search
Veracode Vulnerability DatabaseVERACODE:19317HistoryMay 16, 2019 - 3:00 a.m.
Out-of-Bounds Write
2019-05-1603:00:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.008 Low
EPSS
Percentile
81.9%
PHP is vulnerable to out-of-bounds writes. This occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it’s used as an index resulting a memory corruption.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rh-php70-php | eq | 7.0.10__2.el7 | |
| rh-php70-php | eq | 7.0.10__2.el6 | |
| rh-php70-php | eq | 7.0.10__2.el7 | |
| rh-php70-php | eq | 7.0.10__2.el6 |
References
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
access.redhat.com/errata/RHSA-2018:1296
access.redhat.com/security/updates/classification/#moderate
github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
github.com/kkos/oniguruma/issues/60
Related
prion
prion
Heap overflow
2017-05-24 15:29:00
osv
osv
CVE-2017-9228
2017-05-24 15:29:00
libonig - security update
2017-05-28 00:00:00
nvd
nvd
CVE-2017-9228
2017-05-24 15:29:00
cvelist
cvelist
CVE-2017-9228
2017-05-24 15:00:00
redhatcve
redhatcve
CVE-2017-9228
2017-06-30 11:21:02
f5
f5
K43292324 : PHP vulnerability CVE-2017-9228
2017-07-21 00:00:00
cve
cve
CVE-2017-9228
2017-05-24 15:29:00
alpinelinux
alpinelinux
CVE-2017-9228
2017-05-24 15:29:00
ubuntucve
ubuntucve
CVE-2017-9228
2017-05-24 00:00:00
debiancve
debiancve
CVE-2017-9228
2017-05-24 15:29:00
nessus
nessus
Photon OS 1.0: Ruby PHSA-2017-0029
2019-02-07 00:00:00
Fedora 25 : oniguruma (2017-e314044789)
2017-09-29 00:00:00
SUSE SLES12 Security Update : php7 (SUSE-SU-2017:3237-1)
2019-01-02 00:00:00
ibm
ibm
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:3237-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0003-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for oniguruma (EulerOS-SA-2019-2086)
2020-01-23 00:00:00
amazon
amazon
Important: oniguruma
2023-10-12 15:09:00
Important: php
2023-11-29 22:20:00
Medium: php56
2017-08-17 18:16:00
freebsd
freebsd
oniguruma -- multiple vulnerabilities
2017-07-06 00:00:00
slackware
slackware
[slackware-security] php
2017-07-08 00:39:45
fedora
fedora
[SECURITY] Fedora 24 Update: php-5.6.31-1.fc24
2017-07-19 01:49:32
[SECURITY] Fedora 24 Update: oniguruma-5.9.6-4.fc24
2017-06-10 10:23:48
[SECURITY] Fedora 26 Update: php-7.1.7-1.fc26
2017-07-18 22:25:50
hackerone
hackerone
debian
debian
[SECURITY] [DLA 958-1] libonig security update
2017-05-28 13:46:37
mageia
mageia
Updated php and libgd packages fix security vulnerabilities
2017-08-08 01:16:24
altlinux
altlinux
Security fix for the ALT Linux 8 package oniguruma version 6.4.0-alt1
2017-07-12 00:00:00
photon
photon
ubuntu
ubuntu
PHP vulnerabilities
2017-12-18 00:00:00
PHP vulnerabilities
2017-08-10 00:00:00
veracode
veracode
Use After Free
2019-05-16 02:59:58
redhat
redhat
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00