Description

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.

Remediation

References

CVE-2017-9227

Related Vulnerabilities

WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.2.1)

WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel Security Bypass (1.3.5)

WordPress Plugin Music Store Cross-Site Scripting (1.0.41)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-36625)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5317)

Severity

Critical

Classification

CVE-2017-9227 CWE-125 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities