Oniguruma is vulnerable to denial of service (DoS). The vulnerability exists in the parse_exp function in regparse.c because input leading to a stack exhaustion is not properly sanitized, which allows an attacker to cause a crash by sending malicious traffic to the system.
CPE | Name | Operator | Version |
---|---|---|---|
 | libonig.so | le | 5.0.0 |
github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180
github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3
github.com/kkos/oniguruma/issues/147
lists.debian.org/debian-lts-announce/2019/09/msg00010.html
lists.fedoraproject.org/archives/list/[email protected]/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/
lists.fedoraproject.org/archives/list/[email protected]/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/
usn.ubuntu.com/4460-1/