CVE-2017-9227

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/100538 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:1296 Third Party Advisory
https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Patch Third Party Advisory
https://github.com/kkos/oniguruma/issues/58 Exploit Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
History

20 Jul 2022, 16:34

Type Values Removed Values Added
CPE cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:*
cpe:2.3:a:php:php:*:*:*:*:*:oniguruma-mod:*:*		 cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
References (REDHAT) https://access.redhat.com/errata/RHSA-2018:1296 - (REDHAT) https://access.redhat.com/errata/RHSA-2018:1296 - Third Party Advisory
References (CONFIRM) https://github.com/kkos/oniguruma/issues/58 - Exploit, Third Party Advisory (CONFIRM) https://github.com/kkos/oniguruma/issues/58 - Exploit, Issue Tracking, Patch, Third Party Advisory
References (BID) http://www.securityfocus.com/bid/100538 - (BID) http://www.securityfocus.com/bid/100538 - Third Party Advisory, VDB Entry
Information

Published : 2017-05-24 15:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-9227

Mitre link : CVE-2017-9227

CVE.ORG link : CVE-2017-9227

JSON object : View

Products Affected

oniguruma_project

  • oniguruma

php

  • php
CWE
CWE-125

Out-of-bounds Read