357 matches found
SUSE CVE-2026-7259
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
EUVD-2026-28969
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
PT-2026-39447
Name of the Vulnerable Software and Affected Versions: PHP versions 8.2.0 through 8.2.30; PHP versions 8.3.0 through 8.3.30; PHP versions 8.4.0 through 8.4.20; PHP versions 8.5.0 through 8.5.5. Description: A mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, whi...
Astra Linux - vulnerability in libonig
A use-after-free in the onig_new_deluxe function in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regular expression pattern and a...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: oniguruma: oniguruma-6.9.10-4.1.hum1 (aarch64, x86_64); oniguruma-devel-6.9.10-4.1.hum1 (aarch64, x86_64); oniguruma-6.9.10-4.1.hum1.src (src)...
EUVD-2026-14702
Out-of-bounds Read vulnerability in rizonesoft Notepad3 scintilla/oniguruma/src modules. This vulnerability is associated with program files regcomp.C. This issue affects Notepad3: before 6.25.714.1...
CVE-2026-4744
Out-of-bounds Read vulnerability in rizonesoft Notepad3 scintilla/oniguruma/src modules. This vulnerability is associated with program files regcomp.C. This issue affects Notepad3: before 6.25.714.1...
MiracleLinux 8 : oniguruma-6.8.2-2.1.el8_9 (AXSA:2024-7538:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7538:01 advisory. oniguruma: Use-after-free in onig_new_deluxe in regext.c (CVE-2019-13224); oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c...
TencentOS Server 3: oniguruma (TSSA-2022:0070)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0070 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Important: php
Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. Octal numbers larger than 0xff are not handled correctly i...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2019-13224 DESCRIPTION: oniguruma is vulnerable to a denial of service, caused by ...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...
Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details: CVEID: CVE-2019-19012 DESCRIPTION: Oniguruma is vulnerable to a denial of service, caused by an integer...
K000141317: PHP vulnerabilities CVE-2017-9225, CVE-2017-8923, CVE-2016-7413, CVE-2016-9935, and CVE-2016-7417
Security Advisory Description: CVE-2017-9225: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str occurs during regular expression compilation. Code point...
RHSA-2024:0889 Red Hat Security Advisory: oniguruma security update
Bulletin has no description...
RHSA-2024:0572 Red Hat Security Advisory: oniguruma security update
Bulletin has no description...
RHSA-2024:0409 Red Hat Security Advisory: oniguruma security update
Bulletin has no description...
RHSA-2020:4827 Red Hat Security Advisory: oniguruma security update
Bulletin has no description...
SUSE: Security Advisory (SUSE-SU-2024:2993-1)
The remote host is missing an update for the...
SUSE SLES12 Security Update : oniguruma (SUSE-SU-2024:2993-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2993-1 advisory. - CVE-2020-26159: Fixed buffer overflow in concat_opt_exact_str that could lead to DoS (bsc#1177179). Tenable has extracted the preceding...