The vulnerability of the Oniguruma library, related to the use of an uninitialized variable, which allows for memory corruption to occur.

🗓️ 18 Aug 2017 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Oniguruma flaw: uninitialized variable causes memory corruption during bitset_set_range in regex compilation.

Reporter	Title	Published	Views	Family All 139
IBM Security Bulletins	Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in php	27 Jul 201801:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in php5 (CVE-2017-9228 CVE-2017-9229)	7 Dec 202322:31	–	ibm
ALT Linux	Security fix for the ALT Linux 8 package oniguruma version 6.4.0-alt1	12 Jul 201700:00	–	altlinux
Tenable Nessus	Amazon Linux 2 : oniguruma (ALAS-2023-2311)	20 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php (ALAS-2023-2375)	4 Dec 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php70 (ALAS-2017-867)	4 Aug 201700:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php56 (ALAS-2017-871)	18 Aug 201700:00	–	nessus
Tenable Nessus	CentOS 9 : oniguruma-6.9.6-1.el9.5	29 Feb 202400:00	–	nessus
Tenable Nessus	Debian DLA-958-1 : libonig security update	30 May 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1990)	24 Sep 201900:00	–	nessus

Vulners

Node

php_group phpRange≤7.1.5

OR

k._kosako onigurumaMatch6.2.0

OR

ruby rubyRange≤2.4.1

Source	Link
github	www.github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
github	www.github.com/kkos/oniguruma/issues/60
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 27.5

EPSS0.00585

oniguruma flaw uninitialized variable parse_char_class bitset set range memory corruption regex compilation