CVE-2017-9227

HIGH

Description

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.

References

http://www.securityfocus.com/bid/100538

https://access.redhat.com/errata/RHSA-2018:1296

https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814

https://github.com/kkos/oniguruma/issues/58

Details

Source: MITRE

Published: 2017-05-24

Updated: 2018-05-04

Type: CWE-125

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (28 total)

ID	Name	Product	Family	Severity
131592	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)	Nessus	Huawei Local Security Checks	critical
129184	EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1990)	Nessus	Huawei Local Security Checks	high
121702	Photon OS 1.0: Ruby PHSA-2017-0021	Nessus	PhotonOS Local Security Checks	high
98864	PHP 7.1.x < 7.1.7 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	critical
98844	PHP 7.0.x < 7.0.21 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	critical
98822	PHP 5.6.x < 5.6.31 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	critical
120000	SUSE SLES12 Security Update : php7 (SUSE-SU-2017:1717-1)	Nessus	SuSE Local Security Checks	high
119999	SUSE SLES12 Security Update : php5 (SUSE-SU-2017:1662-1)	Nessus	SuSE Local Security Checks	high
111870	Photon OS 1.0: Bindutils / Krb5 / Ruby / Sudo / Zlib PHSA-2017-0021 (deprecated)	Nessus	PhotonOS Local Security Checks	high
103121	Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12	Nessus	Misc.	high
102545	Amazon Linux AMI : php56 (ALAS-2017-871)	Nessus	Amazon Linux Local Security Checks	high
102416	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : php5, php7.0 vulnerabilities (USN-3382-1)	Nessus	Ubuntu Local Security Checks	high
102181	Amazon Linux AMI : php70 (ALAS-2017-867)	Nessus	Amazon Linux Local Security Checks	high
101864	Fedora 24 : php (2017-5ade380ab2)	Nessus	Fedora Local Security Checks	high
101797	Fedora 26 : php (2017-b8bb4b86e2)	Nessus	Fedora Local Security Checks	high
101745	Fedora 26 : oniguruma (2017-ee01a2ced6)	Nessus	Fedora Local Security Checks	high
101538	Fedora 25 : php (2017-b674dc22ad)	Nessus	Fedora Local Security Checks	high
101527	PHP 7.1.x < 7.1.7 Multiple Vulnerabilities	Nessus	CGI abuses	critical
101526	PHP 7.0.x < 7.0.21 Multiple Vulnerabilities	Nessus	CGI abuses	critical
101525	PHP 5.6.x < 5.6.31 Multiple Vulnerabilities	Nessus	CGI abuses	high
101332	FreeBSD : oniguruma -- multiple vulnerabilities (b396cf6c-62e6-11e7-9def-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	high
101316	Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2017-188-01)	Nessus	Slackware Local Security Checks	high
101287	openSUSE Security Update : php7 (openSUSE-2017-790)	Nessus	SuSE Local Security Checks	high
101219	openSUSE Security Update : php5 (openSUSE-2017-764)	Nessus	SuSE Local Security Checks	high
100866	SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1585-1)	Nessus	SuSE Local Security Checks	high
100748	Fedora 24 : oniguruma (2017-e2d6d0067f)	Nessus	Fedora Local Security Checks	high
100730	Fedora 25 : oniguruma (2017-60997f0d14)	Nessus	Fedora Local Security Checks	high
100478	Debian DLA-958-1 : libonig security update	Nessus	Debian Local Security Checks	high