Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in
PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression
compilation due to an uninitialized variable from an incorrect state transition. An incorrect state
transition in parse_char_class() could create an execution path that leaves a critical local variable
uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
(CVE-2017-9228)
- The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd),
as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially
crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack,
potentially disclosing sensitive information. (CVE-2017-7890)
- An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in
PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A
logical error involving order of validation and access in match_at() could result in an out-of-bounds read
from a stack buffer. (CVE-2017-9224)
- An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in
PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression
compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and
fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would
produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds
write memory corruption. (CVE-2017-9226)
- An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in
PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching.
Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as
an out-of-bounds read from a stack buffer. (CVE-2017-9227)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
CVSS v2 Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v3 Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 5/22/2017