Description

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.

Remediation

References

CVE-2017-9224

Related Vulnerabilities

MySQL CVE-2021-2278 Vulnerability (CVE-2021-2278)

WordPress Plugin ElasticPress Cross-Site Request Forgery (3.5.3)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.19)

WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4791)

Severity

Critical

Classification

CVE-2017-9224 CWE-125 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities