
Test ID: 1.3.6.1.4.1.25623.1.0.890958
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for libonig (DLA-958-1)
Description:

Summary:
CVE-2017-9224

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in match_at() during regular expression
searching. A logical error involving order of validation and access in
match_at() could result in an out-of-bounds read from a stack buffer.

CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write or read occurs in next_state_val() during regular
expression compilation. Octal numbers larger than 0xff are not handled
correctly in fetch_token() and fetch_token_in_cc(). A malformed regular
expression containing an octal number in the form of '\700' would
produce an invalid code point value larger than 0xff in
next_state_val(), resulting in an out-of-bounds write memory
corruption.

CVE-2017-9227

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in mbc_enc_len() during regular expression
searching. Invalid handling of reg->dmin in forward_search_range()
could result in an invalid pointer dereference, as an out-of-bounds
read from a stack buffer.

CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write occurs in bitset_set_range() during regular
expression compilation due to an uninitialized variable from an
incorrect state transition. An incorrect state transition in
parse_char_class() could create an execution path that leaves a
critical local variable uninitialized until it's used as an index,
resulting in an out-of-bounds write memory corruption.

CVE-2017-9229

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs
in left_adjust_char_head() during regular expression compilation.
Invalid handling of reg->dmax in forward_search_range() could result in
an invalid pointer dereference, normally as an immediate
denial-of-service condition.

Affected Software/OS:
libonig on Debian Linux

Solution:
For Debian 7 'Wheezy', these problems have been fixed in version
5.9.1-1+deb7u1.

We recommend that you upgrade your libonig packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2017-9224
BugTraq ID: 101244
http://www.securityfocus.com/bid/101244
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
Common Vulnerability Exposure (CVE) ID: CVE-2017-9226
Common Vulnerability Exposure (CVE) ID: CVE-2017-9227
BugTraq ID: 100538
http://www.securityfocus.com/bid/100538
Common Vulnerability Exposure (CVE) ID: CVE-2017-9228
Common Vulnerability Exposure (CVE) ID: CVE-2017-9229
Copyright: Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net

© 1998-2021 E-Soft Inc. All rights reserved.