22 matches found
CLSA-2025-1757944902 php: Fix of 3 CVEs
CVE-2017-9224: fix out-of-bounds read of a stack in match_at function - CVE-2017-9226: fix out-of-bounds write or read of a heap in next_state_val function - CVE-2017-9227: fix out-of-bounds read of a stack in mbc_enc_len function...
SUSE CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an...
SUSE CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...
OSV-2022-1144 Heap-buffer-overflow in onigenc_mbn_mbc_case_fold
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53041 Crash type: Heap-buffer-overflow READ 1 Crash state: onigenc_mbn_mbc_case_fold euckr_mbc_case_fold match_at...
Oracle Linux 8 : oniguruma (ELSA-2020-4827)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4827 advisory. 6.8.2-2 - Fix CVE-2019-13225 Resolves: 1771052 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Denial Of Service (DoS)
oniguruma is vulnerable to Denial Of Service (DoS). An attacker can cause a NULL pointer dereference in match_at() in regexec.c which allows an attacker to cause an application crash...
oniguruma: NULL pointer dereference in match_at() in regexec.c
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...
Moderate: Red Hat Security Advisory: oniguruma security update
An update for oniguruma is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
RLSA-2020:4827 Moderate: oniguruma security update
Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fixes: oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Oracle Linux 7 : edk2 (ELSA-2020-5861)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5861 advisory. - Create new 1.3 release for OL7 which includes the following fixed CVEs: CVE-2018-12182 CVE-2019-13224 CVE-2019-13225 CVE-2019-14553 Fri May 17 2019...
oniguruma: NULL pointer dereference in match_at() in regexec.c
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...
OSV-2020-1235 Heap-buffer-overflow in mbc_case_fold
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21977 Crash type: Heap-buffer-overflow READ 1 Crash state: mbc_case_fold string_cmp_ic match_at...
Amazon Linux AMI : oniguruma (ALAS-2019-1295)
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...
Amazon Linux 2 : oniguruma (ALAS-2019-1288)
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...
FreeBSD : oniguruma -- multiple vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...
Null pointer dereference
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...
CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...
CVE-2019-13225
Oniguruma 6.9.2 contains a NULL pointer dereference in match_at() (CVE-2019-13225) that can lead to denial of service when a crafted regular expression is used. Multiple connected advisories (AlmaLinux, Fedora, Amazon Linux, Astra Linux) report the vulnerability and list updates/patches for onigu...
oniguruma -- multiple vulnerabilities
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...
Out-Of-Bounds Read
PHP is vulnerable to out-of-bounds reads. The vulnerability exists in match_at() during regular expression searching because of a logical error involving order of validation and access in match_at()...