{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-03T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b"}, {"name": "RHSA-2018:1296", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kkos/oniguruma/issues/60"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9228", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b", "refsource": "CONFIRM", "url": "https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b"}, {"name": "RHSA-2018:1296", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"name": "https://github.com/kkos/oniguruma/issues/60", "refsource": "CONFIRM", "url": "https://github.com/kkos/oniguruma/issues/60"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:02:43.688Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b"}, {"name": "RHSA-2018:1296", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kkos/oniguruma/issues/60"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9228", "datePublished": "2017-05-24T15:00:00", "dateReserved": "2017-05-24T00:00:00", "dateUpdated": "2024-08-05T17:02:43.688Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "71A9EC32-B30C-40DF-9937-654BC977DCC4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "00E9E5A8-4C71-471D-97E9-FDE368D1EB71", "versionEndExcluding": "5.6.31", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABE3BCB8-C2C7-4E44-A4D2-AA1DAE9555DB", "versionEndExcluding": "7.0.21", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "5799FA9F-8C0B-4B86-9D2C-558DFF64AA6C", "versionEndExcluding": "7.1.7", "versionStartIncluding": "7.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Oniguruma versi\u00f3n 6.2.0, tal como es usado en Oniguruma-mod en Ruby hasta la versi\u00f3n  2.4.1 y mbstring en PHP hasta la versi\u00f3n 7.1.5. Se produce una escritura fuera del l\u00edmite de la pila en bitset_set_range() durante la compilaci\u00f3n de expresiones regulares debido a una variable no inicializada de una transici\u00f3n de estado incorrecta. Una transici\u00f3n de estado incorrecta en parse_char_class() podr\u00eda dise\u00f1ar una ruta (path) de ejecuci\u00f3n que deje una variable local cr\u00edtica sin inicializar hasta que se utilice como un \u00edndice, resultando en una corrupci\u00f3n de memoria de escritura fuera de los l\u00edmites."}], "id": "CVE-2017-9228", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-24T15:29:00.370", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/kkos/oniguruma/issues/60"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/kkos/oniguruma/issues/60"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-php70-php-0:7.0.27-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-php70-php-0:7.0.27-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-05-03T00:00:00Z"}], "bugzilla": {"description": "oniguruma: Out-of-bounds heap write in bitset_set_range()", "id": "1466740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466740"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-122", "details": ["An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption."], "name": "CVE-2017-9228", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Under investigation", "package_name": "rh-ruby22-ruby", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Under investigation", "package_name": "ruby-200-ruby", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "oniguruma", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-php56-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-ruby22-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-ruby23-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-ruby24-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Under investigation", "package_name": "ruby193-ruby", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2017-05-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-9228\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9228"], "threat_severity": "Moderate"}