5 matches found
CLSA-2025-1759222758 ruby: Fix of 4 CVEs
CVE-2016-2337: Fix type confusion in canceleval Ruby's TclTkIp class method to prevent arbitrary code execution - CVE-2017-9224: Fix stack out-of-bounds read in matchat during regular expression searching - CVE-2017-9227: Fix stack out-of-bounds read in mbcenclen and invalid pointer dereference...
SUSE CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in leftadjustcharhead during regular expression compilation. Invalid handling of reg-dmax in forwardsearchrange could result in an invalid pointer...
oniguruma: Invalid pointer dereference in left_adjust_char_head()
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in leftadjustcharhead during regular expression compilation. Invalid handling of reg-dmax in forwardsearchrange could result in an invalid pointer...
The vulnerability of the Oniguruma library, which arises from the use of an uninitialized variable, allows a hacker to perform read operations beyond the buffer boundary in dynamic memory.
The vulnerability of the Oniguruma library exists due to incorrect processing of reg-dmin in the forwardsearchrange function. This allows the use of an uninitialized variable during data reading from the buffer. Exploiting this vulnerability could enable a malicious actor to read beyond the...
DEBIAN-CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbcenclen during regular expression searching. Invalid handling of reg-dmin in forwardsearchrange could result in an invalid pointer...