Oniguruma is vulnerable to remote code execution (RCE). A buffer overflow can occur in concat_opt_exact_str in src/regcomp.c when a regular expression is compiled.
www.openwall.com/lists/oss-security/2020/09/30/7
github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
github.com/kkos/oniguruma/issues/207
lists.debian.org/debian-lts-announce/2021/01/msg00025.html
lists.fedoraproject.org/archives/list/[email protected]/message/2ZCUPCKJNSUHQMXXZBRNDDGQQLBJ2ACT/
lists.fedoraproject.org/archives/list/[email protected]/message/4NHVR7X5ZLXUGW3PBCPQMNFQ3OJCSMQD/
lists.fedoraproject.org/archives/list/[email protected]/message/ZFUJY7BUIFBTZ3IUHVHCID4JYCRDGKPS/