Description
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1296
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/kkos/oniguruma/issues/59
Scores
CVSS v3
7.5
EPSS
0.0035
EPSS Percentile
57.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (4)
oniguruma_project/oniguruma
6.2.0
php/php
< 7.1.5
php/php
5.6.0 - 5.6.31
ruby-lang/ruby
< 2.4.1
Published
May 24, 2017
Tracked Since
Feb 18, 2026