[3.6] oniguruma: Multiple vulnerabilities (CVE-2017-9224, CVE-2017-9225, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228)
ID: oval:org.secpod.oval:def:1800377 | Date: (C)2018-03-28 (M)2024-04-17 | Class: PATCH | Family: unix
CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at during regular expression searching. A logical error involving order of validation and access in match_at could result in an out-of-bounds read from a stack buffer.
Fixed In Version: oniguruma 6.3.0
Platform: Alpine Linux 3.6