FreeBSD : oniguruma -- multiple vulnerabilities (b396cf6c-62e6-11e7-9def-b499baebfeaf)

High Nessus Plugin ID 101332

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

the PHP project reports :

- A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer (CVE-2017-9224).

- A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption (CVE-2017-9226).

- A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer (CVE-2017-9227).

- A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption (CVE-2017-9228).

- A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition (CVE-2017-9228).

Solution

Update the affected packages.

See Also

http://php.net/ChangeLog-7.php

http://www.nessus.org/u?d3123c8d

Plugin Details

Severity: High

ID: 101332

File Name: freebsd_pkg_b396cf6c62e611e79defb499baebfeaf.nasl

Version: 3.4

Type: local

Published: 2017/07/10

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libevhtp, p-cpe:/a:freebsd:freebsd:oniguruma4, p-cpe:/a:freebsd:freebsd:oniguruma5, p-cpe:/a:freebsd:freebsd:oniguruma6, p-cpe:/a:freebsd:freebsd:php56-mbstring, p-cpe:/a:freebsd:freebsd:php70-mbstring, p-cpe:/a:freebsd:freebsd:php71-mbstring, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/07/07

Vulnerability Publication Date: 2017/07/06

Reference Information

CVE: CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228