CVE-2017-9224

CVSS v3.1 9.8 (Critical)
CVSS v2.0 7.5 (High)
EPSS 0.42 % (74th)
Affected Products 2
Advisories 20

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.

Weaknesses
CWE-125
Out-of-bounds Read
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2017-05-24 15:29:00
(7 years ago)
Updated Date
2022-07-20 16:38:45
(2 years ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Oniguruma Project Oniguruma 6.2.0 cpe:2.3:a:oniguruma_project:oniguruma:6.2.0

Configuration #2

    CPE23 From Up To
  PHP versions prior to 5.6.31 cpe:2.3:a:php:php < 5.6.31
  PHP versions from 7.0.0 and prior to 7.0.21 cpe:2.3:a:php:php >= 7.0.0 < 7.0.21
  PHP versions from 7.1.0 and prior to 7.1.7 cpe:2.3:a:php:php >= 7.1.0 < 7.1.7