Test ID: 1.3.6.1.4.1.25623.1.0.890958
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for libonig (DLA-958-1)
Summary: Five memory-safety bugs in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5: CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228 and CVE-2017-9229. The full CVE texts follow under Description.
Description:
Summary:
CVE-2017-9224

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in match_at() during regular expression
searching. A logical error involving order of validation and access in
match_at() could result in an out-of-bounds read from a stack buffer.

CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write or read occurs in next_state_val() during regular
expression compilation. Octal numbers larger than 0xff are not handled
correctly in fetch_token() and fetch_token_in_cc(). A malformed regular
expression containing an octal number in the form of '\700' would
produce an invalid code point value larger than 0xff in
next_state_val(), resulting in an out-of-bounds write memory
corruption.
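The escape handling described for CVE-2017-9226, reduced to a small model. This is an added illustration, not Oniguruma's code: the function names, the 8 x 32-bit bitset layout and the `[...]` mini-syntax are assumptions made for the example. It shows why `\700` is the interesting input (0o700 is 448, which lands in word 14 of an 8-word bitset) and what the bound check that closes the hole looks like.

```python
# Added model, not Oniguruma's code: the CVE-2017-9226 bug class in miniature.
# An octal escape is converted to a code point and used as an index into a
# 256-entry character-class bitset without anyone checking that it fits. The
# function names, the 8 x 32-bit bitset layout and the '[...]' mini-syntax
# are assumptions made for this illustration.

BITSET_BITS = 256                  # one bit per single-byte code point
BITSET_WORDS = BITSET_BITS // 32   # 8 words of 32 bits


def fetch_octal_unchecked(pattern: str, pos: int):
    """Read up to three octal digits at pattern[pos] (the text right after the
    backslash) and return (code_point, next_pos). Nothing bounds the result:
    '700' becomes 0o700 == 448, larger than any single-byte code point."""
    value, i = 0, pos
    while i < len(pattern) and i - pos < 3 and pattern[i] in "01234567":
        value = value * 8 + int(pattern[i])
        i += 1
    if i == pos:
        raise ValueError("octal digit expected after backslash")
    return value, i


def fetch_octal_checked(pattern: str, pos: int):
    """Hardened variant: refuse any value above 0xff instead of passing it on."""
    value, i = fetch_octal_unchecked(pattern, pos)
    if value > 0xFF:
        raise ValueError(f"\\{pattern[pos:i]} is {value}, above 0xff")
    return value, i


def bitset_index(code_point: int):
    """(word, bit) position of a code point. 448 maps to word 14, but the
    bitset only has 8 words: in C that is a write 24 bytes past its end."""
    return code_point // 32, code_point % 32


def bitset_set(bitset, code_point: int) -> None:
    word, bit = bitset_index(code_point)
    bitset[word] |= 1 << bit   # Python raises IndexError where C corrupts memory


def compile_class(body: str, fetch=fetch_octal_checked):
    """Compile the inside of a '[...]' class (ASCII literals and \\ooo escapes)
    into a bitset. Returns the list of BITSET_WORDS ints, or None if an escape
    was rejected by the fetch function in use."""
    bitset = [0] * BITSET_WORDS
    i = 0
    while i < len(body):
        if body[i] == "\\":
            try:
                code_point, i = fetch(body, i + 1)
            except ValueError:
                return None
        else:
            code_point, i = ord(body[i]), i + 1
        bitset_set(bitset, code_point)
    return bitset


def unchecked_write_escapes_bitset(body: str) -> bool:
    """True when compiling with the unchecked parser indexes outside the
    bitset, i.e. the pattern would trigger the out-of-bounds write."""
    try:
        compile_class(body, fetch=fetch_octal_unchecked)
    except IndexError:
        return True
    return False


if __name__ == "__main__":
    print("[\\101] ->", compile_class("\\101"))            # 'A' = bit 65
    print("[\\700] checked ->", compile_class("\\700"))    # None: rejected
    print("[\\700] unchecked overflows:", unchecked_write_escapes_bitset("\\700"))
```

The point of the model is the order of operations: the value is computed in one place (the token fetch) and consumed as an index in another (the bitset), so the check belongs where the value is produced; relying on every consumer to range-check is how the original bug survived.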

CVE-2017-9227

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack
out-of-bounds read occurs in mbc_enc_len() during regular expression
searching. Invalid handling of reg->dmin in forward_search_range()
could result in an invalid pointer dereference, as an out-of-bounds
read from a stack buffer.

CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap
out-of-bounds write occurs in bitset_set_range() during regular
expression compilation due to an uninitialized variable from an
incorrect state transition. An incorrect state transition in
parse_char_class() could create an execution path that leaves a
critical local variable uninitialized until it's used as an index,
resulting in an out-of-bounds write memory corruption.

CVE-2017-9229

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in
Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs
in left_adjust_char_head() during regular expression compilation.
Invalid handling of reg->dmax in forward_search_range() could result in
an invalid pointer dereference, normally as an immediate
denial-of-service condition.

Affected Software/OS:
libonig on Debian Linux

Solution:
For Debian 7 'Wheezy', these problems have been fixed in version
5.9.1-1+deb7u1.

Note that the Wheezy package stays on the 5.9.1 branch with the fixes
backported, so the upstream version quoted in the CVE texts (6.2.0) says
nothing about whether a Debian host is patched; the check has to be made
against the Debian package version, 5.9.1-1+deb7u1 or later.

We recommend that you upgrade your libonig packages.
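The comparison a Debian local security check performs for this advisory, as an added example that is not Greenbone's NVT code. It ports dpkg's version ordering (epoch, upstream, Debian revision; `~` sorting below everything, digit runs compared numerically) and runs it over a constructed `dpkg-query` listing so it works offline. The binary package names libonig2 and libonig-dev are assumed to be what Wheezy builds from the libonig source.

```python
# Added example, not Greenbone's NVT code: the version comparison a Debian
# local security check performs for DLA-958-1, run here against a constructed
# dpkg-query listing so it works offline. The binary package names libonig2
# and libonig-dev are assumed to be what Wheezy builds from the libonig source.

FIXED_VERSIONS = {               # fixed version from DLA-958-1 (Debian 7)
    "libonig2": "5.9.1-1+deb7u1",
    "libonig-dev": "5.9.1-1+deb7u1",
}

# Constructed sample of: dpkg-query -W -f='${Package} ${Version} ${Status}\n'
SAMPLE_DPKG_QUERY = """\
libc6 2.13-38+deb7u12 install ok installed
libonig2 5.9.1-1 install ok installed
libonig-dev 5.9.1-1 deinstall ok config-files
"""


def _order(ch: str) -> int:
    """dpkg's weight for one character of a non-digit run: '~' sorts before
    the end of the string, letters before every other symbol."""
    if ch == "~":
        return -1
    if ch == "" or ch.isdigit():
        return 0
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """Port of dpkg's verrevcmp(): alternate non-digit runs (compared with
    _order) and digit runs (compared numerically, leading zeros ignored)."""
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        while (ia < len(a) and not a[ia].isdigit()) or (
            ib < len(b) and not b[ib].isdigit()
        ):
            ac = _order(a[ia]) if ia < len(a) else 0
            bc = _order(b[ib]) if ib < len(b) else 0
            if ac != bc:
                return -1 if ac < bc else 1
            ia += 1
            ib += 1
        ja = ia
        while ja < len(a) and a[ja].isdigit():
            ja += 1
        jb = ib
        while jb < len(b) and b[jb].isdigit():
            jb += 1
        na, nb = int(a[ia:ja] or "0"), int(b[ib:jb] or "0")
        if na != nb:
            return -1 if na < nb else 1
        ia, ib = ja, jb
    return 0


def split_version(version: str):
    """Split '[epoch:]upstream[-debian_revision]' the way dpkg does."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a: str, b: str) -> int:
    """-1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def find_vulnerable(dpkg_query_output: str, fixed=FIXED_VERSIONS):
    """Return [(package, installed, fixed)] for fully installed packages older
    than the advisory's fixed version. A package in 'config-files' state has
    no binaries left on disk, so it is skipped."""
    findings = []
    for line in dpkg_query_output.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue
        package, version, status = parts
        if status != "install ok installed" or package not in fixed:
            continue
        if compare_versions(version, fixed[package]) < 0:
            findings.append((package, version, fixed[package]))
    return findings


if __name__ == "__main__":
    for pkg, have, want in find_vulnerable(SAMPLE_DPKG_QUERY):
        print(f"{pkg} {have} is older than {want}: apply DLA-958-1")
```

On a real Wheezy host, feed the output of `dpkg-query -W -f='${Package} ${Version} ${Status}\n'` to `find_vulnerable`. The comparison is deliberately made against the Debian package version rather than the upstream 6.2.0 named in the CVE texts: a patched host reports 5.9.1-1+deb7u1, which sorts below 6.2.0 yet already carries the fixes, so a naive upstream-version comparison would flag every patched Wheezy system.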

CVSS Score:
7.5

CVSS Vector (CVSS v2):
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-References: Common Vulnerability Exposure (CVE) ID: CVE-2017-9224
BugTraq ID: 101244
http://www.securityfocus.com/bid/101244
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
Common Vulnerability Exposure (CVE) ID: CVE-2017-9226
Common Vulnerability Exposure (CVE) ID: CVE-2017-9227
BugTraq ID: 100538
http://www.securityfocus.com/bid/100538
Common Vulnerability Exposure (CVE) ID: CVE-2017-9228
Common Vulnerability Exposure (CVE) ID: CVE-2017-9229
Copyright: Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net

© 1998-2021 E-Soft Inc. All rights reserved.