Description
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-Filebase Download Manager Multiple Unspecified Vulnerabilities (0.2.9.24)
WordPress Plugin WP-PostRatings Cross-Site Scripting (1.50)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (5.1.2)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864)
WordPress Plugin zeList Directory Cross-Site Scripting (0.5.11.07)