A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

#### Bugs

* <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878>

#### Notes

| Author | Note |
|---|---|
| [ebarretto](https://launchpad.net/~ebarretto) | libevhtp doesn't ship oniguruma regex library since 1.2.15-1 |
| [mdeslaur](https://launchpad.net/~mdeslaur) | doesn't look like php uses the vulnerable function |

#### Affected Packages

| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| ubuntu | 20.04 | groonga | any |
| ubuntu | 22.04 | groonga | any |
| ubuntu | upstream | groonga | any |
| ubuntu | 16.04 | groonga | any |
| ubuntu | upstream | libevhtp | any |
| ubuntu | 16.04 | libevhtp | any |
| ubuntu | 19.10 | libonig | 6.9.2-1 |
| ubuntu | 20.04 | libonig | 6.9.2-1 |
| ubuntu | 20.10 | libonig | 6.9.2-1 |
| ubuntu | 21.04 | libonig | 6.9.2-1 |
| ubuntu | 21.10 | libonig | 6.9.2-1 |
| ubuntu | 22.04 | libonig | 6.9.2-1 |
| ubuntu | 14.04 | libonig | any |
| ubuntu | upstream | libonig | any |
| ubuntu | 16.04 | libonig | any |
| ubuntu | 20.04 | mudlet | any |
| ubuntu | upstream | mudlet | any |
| ubuntu | 16.04 | mudlet | any |
| ubuntu | 12.04 | php5 | 5.3.10-1ubuntu3.38 |
| ubuntu | 14.04 | php5 | 5.5.9+dfsg-1ubuntu4.29+esm4 |
| ubuntu | upstream | php5 | any |
| ubuntu | upstream | php7.0 | any |
| ubuntu | upstream | php7.2 | any |
| ubuntu | upstream | php7.3 | any |