Search for packages
| purl | pkg:deb/debian/libonig@6.1.3-2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1y4w-7sqk-aaad
Aliases: CVE-2019-13225 |
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. |
Affected by 0 other vulnerabilities. |
|
VCID-761z-8m2h-aaaq
Aliases: CVE-2019-13224 |
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. |
Affected by 0 other vulnerabilities. |
|
VCID-f16c-amc9-aaae
Aliases: CVE-2019-19012 |
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. |
Affected by 0 other vulnerabilities. |
|
VCID-gvfv-rq6n-aaaq
Aliases: CVE-2019-19204 |
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. |
Affected by 0 other vulnerabilities. |
|
VCID-mpjk-r7xj-aaaq
Aliases: CVE-2019-19246 |
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. |
Affected by 0 other vulnerabilities. |
|
VCID-tdpv-tbk4-aaag
Aliases: CVE-2019-19203 |
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. |
Affected by 0 other vulnerabilities. |
|
VCID-xe76-b24z-aaab
Aliases: CVE-2019-16163 |
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-16pv-5tpc-aaae | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. |
CVE-2017-9229
|
| VCID-aerx-h83k-aaaf | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. |
CVE-2017-9227
|
| VCID-d8gb-22wt-aaag | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. |
CVE-2017-9225
|
| VCID-hsuv-pkxg-aaar | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. |
CVE-2017-9224
|
| VCID-sqtp-vevt-aaak | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. |
CVE-2017-9228
|
| VCID-ufxy-f9gq-aaae | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. |
CVE-2017-9226
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T17:41:27.400303+00:00 | Debian Oval Importer | Fixing | VCID-16pv-5tpc-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:39:20.409726+00:00 | Debian Oval Importer | Fixing | VCID-hsuv-pkxg-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:13:29.704499+00:00 | Debian Oval Importer | Fixing | VCID-ufxy-f9gq-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:24:53.580443+00:00 | Debian Oval Importer | Fixing | VCID-aerx-h83k-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:01:14.713542+00:00 | Debian Oval Importer | Fixing | VCID-sqtp-vevt-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:44:05.554643+00:00 | Debian Oval Importer | Fixing | VCID-d8gb-22wt-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T05:30:56.600182+00:00 | Debian Oval Importer | Affected by | VCID-tdpv-tbk4-aaag | None | 36.1.3 |
| 2025-06-21T05:23:17.195004+00:00 | Debian Oval Importer | Affected by | VCID-761z-8m2h-aaaq | None | 36.1.3 |
| 2025-06-21T05:07:35.149787+00:00 | Debian Oval Importer | Affected by | VCID-xe76-b24z-aaab | None | 36.1.3 |
| 2025-06-21T04:30:32.588784+00:00 | Debian Oval Importer | Affected by | VCID-1y4w-7sqk-aaad | None | 36.1.3 |
| 2025-06-21T02:21:06.482914+00:00 | Debian Oval Importer | Affected by | VCID-f16c-amc9-aaae | None | 36.1.3 |
| 2025-06-21T02:11:15.428287+00:00 | Debian Oval Importer | Affected by | VCID-mpjk-r7xj-aaaq | None | 36.1.3 |
| 2025-06-21T01:38:27.371635+00:00 | Debian Oval Importer | Affected by | VCID-gvfv-rq6n-aaaq | None | 36.1.3 |
| 2025-06-21T00:04:35.539583+00:00 | Debian Oval Importer | Fixing | VCID-hsuv-pkxg-aaar | None | 36.1.3 |
| 2025-06-20T23:46:52.710418+00:00 | Debian Oval Importer | Fixing | VCID-aerx-h83k-aaaf | None | 36.1.3 |
| 2025-06-20T22:19:09.725840+00:00 | Debian Oval Importer | Fixing | VCID-16pv-5tpc-aaae | None | 36.1.3 |
| 2025-06-20T21:48:53.671076+00:00 | Debian Oval Importer | Fixing | VCID-ufxy-f9gq-aaae | None | 36.1.3 |
| 2025-06-20T21:15:52.463867+00:00 | Debian Oval Importer | Fixing | VCID-sqtp-vevt-aaak | None | 36.1.3 |
| 2025-06-20T20:50:23.226842+00:00 | Debian Oval Importer | Fixing | VCID-d8gb-22wt-aaag | None | 36.1.3 |
| 2025-06-08T13:20:16.071467+00:00 | Debian Oval Importer | Fixing | VCID-sqtp-vevt-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T13:12:05.324900+00:00 | Debian Oval Importer | Affected by | VCID-f16c-amc9-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T13:00:14.841293+00:00 | Debian Oval Importer | Affected by | VCID-gvfv-rq6n-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:54:29.535551+00:00 | Debian Oval Importer | Fixing | VCID-aerx-h83k-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:24:49.759776+00:00 | Debian Oval Importer | Fixing | VCID-hsuv-pkxg-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:11:30.676457+00:00 | Debian Oval Importer | Affected by | VCID-xe76-b24z-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:14:46.760003+00:00 | Debian Oval Importer | Fixing | VCID-16pv-5tpc-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:33:45.354970+00:00 | Debian Oval Importer | Fixing | VCID-hsuv-pkxg-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:06:50.774962+00:00 | Debian Oval Importer | Fixing | VCID-ufxy-f9gq-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:19:01.187620+00:00 | Debian Oval Importer | Fixing | VCID-aerx-h83k-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:56:10.473280+00:00 | Debian Oval Importer | Fixing | VCID-sqtp-vevt-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:59:36.854967+00:00 | Debian Oval Importer | Fixing | VCID-d8gb-22wt-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T23:08:49.051997+00:00 | Debian Oval Importer | Affected by | VCID-tdpv-tbk4-aaag | None | 36.1.0 |
| 2025-06-07T23:01:01.059651+00:00 | Debian Oval Importer | Affected by | VCID-761z-8m2h-aaaq | None | 36.1.0 |
| 2025-06-07T22:45:02.789343+00:00 | Debian Oval Importer | Affected by | VCID-xe76-b24z-aaab | None | 36.1.0 |
| 2025-06-07T22:06:56.983817+00:00 | Debian Oval Importer | Affected by | VCID-1y4w-7sqk-aaad | None | 36.1.0 |
| 2025-06-07T19:44:55.886253+00:00 | Debian Oval Importer | Affected by | VCID-f16c-amc9-aaae | None | 36.1.0 |
| 2025-06-07T19:35:00.944023+00:00 | Debian Oval Importer | Affected by | VCID-mpjk-r7xj-aaaq | None | 36.1.0 |
| 2025-06-07T19:01:32.157329+00:00 | Debian Oval Importer | Affected by | VCID-gvfv-rq6n-aaaq | None | 36.1.0 |
| 2025-06-07T17:27:22.653774+00:00 | Debian Oval Importer | Fixing | VCID-hsuv-pkxg-aaar | None | 36.1.0 |
| 2025-06-07T17:09:45.093291+00:00 | Debian Oval Importer | Fixing | VCID-aerx-h83k-aaaf | None | 36.1.0 |
| 2025-06-07T15:43:18.569798+00:00 | Debian Oval Importer | Fixing | VCID-16pv-5tpc-aaae | None | 36.1.0 |
| 2025-06-07T15:11:58.797021+00:00 | Debian Oval Importer | Fixing | VCID-ufxy-f9gq-aaae | None | 36.1.0 |
| 2025-06-07T14:39:59.613003+00:00 | Debian Oval Importer | Fixing | VCID-sqtp-vevt-aaak | None | 36.1.0 |
| 2025-06-07T14:21:22.419509+00:00 | Debian Oval Importer | Fixing | VCID-d8gb-22wt-aaag | None | 36.1.0 |
| 2025-04-12T22:18:11.304835+00:00 | Debian Oval Importer | Affected by | VCID-mpjk-r7xj-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:26:09.719826+00:00 | Debian Oval Importer | Affected by | VCID-761z-8m2h-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:08:23.667496+00:00 | Debian Oval Importer | Affected by | VCID-tdpv-tbk4-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:06:11.331383+00:00 | Debian Oval Importer | Fixing | VCID-d8gb-22wt-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:05:59.161968+00:00 | Debian Oval Importer | Fixing | VCID-ufxy-f9gq-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:36:11.263908+00:00 | Debian Oval Importer | Fixing | VCID-16pv-5tpc-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:27:52.601309+00:00 | Debian Oval Importer | Affected by | VCID-1y4w-7sqk-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:08:23.891024+00:00 | Debian Oval Importer | Fixing | VCID-sqtp-vevt-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:59:51.708715+00:00 | Debian Oval Importer | Affected by | VCID-f16c-amc9-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:47:36.854926+00:00 | Debian Oval Importer | Affected by | VCID-gvfv-rq6n-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:41:40.300462+00:00 | Debian Oval Importer | Fixing | VCID-aerx-h83k-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:10:56.648915+00:00 | Debian Oval Importer | Fixing | VCID-hsuv-pkxg-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:57:11.392868+00:00 | Debian Oval Importer | Affected by | VCID-xe76-b24z-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T15:55:38.862264+00:00 | Debian Oval Importer | Fixing | VCID-16pv-5tpc-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:05:09.122958+00:00 | Debian Oval Importer | Fixing | VCID-hsuv-pkxg-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:39:28.412355+00:00 | Debian Oval Importer | Fixing | VCID-ufxy-f9gq-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:51:19.207178+00:00 | Debian Oval Importer | Fixing | VCID-aerx-h83k-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:28:02.536175+00:00 | Debian Oval Importer | Fixing | VCID-sqtp-vevt-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:30:35.109521+00:00 | Debian Oval Importer | Fixing | VCID-d8gb-22wt-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T21:40:51.951772+00:00 | Debian Oval Importer | Affected by | VCID-tdpv-tbk4-aaag | None | 36.0.0 |
| 2025-04-07T21:33:01.918289+00:00 | Debian Oval Importer | Affected by | VCID-761z-8m2h-aaaq | None | 36.0.0 |
| 2025-04-07T21:16:53.942507+00:00 | Debian Oval Importer | Affected by | VCID-xe76-b24z-aaab | None | 36.0.0 |
| 2025-04-07T20:38:16.942513+00:00 | Debian Oval Importer | Affected by | VCID-1y4w-7sqk-aaad | None | 36.0.0 |
| 2025-04-07T18:22:43.856611+00:00 | Debian Oval Importer | Affected by | VCID-f16c-amc9-aaae | None | 36.0.0 |
| 2025-04-07T18:12:43.201660+00:00 | Debian Oval Importer | Affected by | VCID-mpjk-r7xj-aaaq | None | 36.0.0 |
| 2025-04-07T17:39:23.650615+00:00 | Debian Oval Importer | Affected by | VCID-gvfv-rq6n-aaaq | None | 36.0.0 |
| 2025-04-07T16:01:46.586805+00:00 | Debian Oval Importer | Fixing | VCID-hsuv-pkxg-aaar | None | 36.0.0 |
| 2025-04-07T15:43:22.298966+00:00 | Debian Oval Importer | Fixing | VCID-aerx-h83k-aaaf | None | 36.0.0 |
| 2025-04-07T14:14:05.378897+00:00 | Debian Oval Importer | Fixing | VCID-16pv-5tpc-aaae | None | 36.0.0 |
| 2025-04-07T13:43:42.982197+00:00 | Debian Oval Importer | Fixing | VCID-ufxy-f9gq-aaae | None | 36.0.0 |
| 2025-04-07T13:12:04.357432+00:00 | Debian Oval Importer | Fixing | VCID-sqtp-vevt-aaak | None | 36.0.0 |
| 2025-04-07T12:54:02.386248+00:00 | Debian Oval Importer | Fixing | VCID-d8gb-22wt-aaag | None | 36.0.0 |