4 matches found
CLSA-2025-1759222758 ruby: Fix of 4 CVEs
CVE-2016-2337: Fix type confusion in canceleval Ruby's TclTkIp class method to prevent arbitrary code execution - CVE-2017-9224: Fix stack out-of-bounds read in matchat during regular expression searching - CVE-2017-9227: Fix stack out-of-bounds read in mbcenclen and invalid pointer dereference...
CLSA-2025-1758892982 php: Fix of CVE-2017-9228
CVE-2017-9228: fix heap out-of-bounds write in bitsetsetrange and parsecharclass functions...
CLSA-2025-1757523459 php: Fix of 4 CVEs
Fix multiple vulnerabilities in oniguruma: - CVE-2017-9224: out-of-bounds read in matchat - CVE-2017-9226: heap buffer overflow in nextstateval - CVE-2017-9227: out-of-bounds read in mbcenclen - CVE-2017-9228: out-of-bounds heap write in bitsetsetrange...
DEBIAN-CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...