Oniguruma Security Vulnerabilities and Issues — Oniguruma CVE List

Lucene search

Oniguruma ProjectOniguruma

7 matches found

CVE•added 2019/07/10 2:15 p.m.•451 views

CVE-2019-13224

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8CVSS9.9AI score0.00524EPSS

CVE•added 2017/05/24 3:29 p.m.•229 views

CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token(...

9.8CVSS9.6AI score0.0064EPSS

CVE•added 2017/05/24 3:29 p.m.•218 views

CVE-2017-9224

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in a...

9.8CVSS9.4AI score0.00377EPSS

CVE•added 2019/11/17 6:15 p.m.•203 views

CVE-2019-19012

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or...

9.8CVSS9.7AI score0.19242EPSS

CVE•added 2017/05/24 3:29 p.m.•182 views

CVE-2017-9225

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in un...

9.8CVSS9.5AI score0.00392EPSS

CVE•added 2017/05/24 3:29 p.m.•145 views

CVE-2017-9227

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid...

9.8CVSS9.3AI score0.0038EPSS

CVE•added 2017/05/24 3:29 p.m.•145 views

CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorre...

9.8CVSS9.3AI score0.00591EPSS