Search for packages
Package details: pkg:deb/debian/libonig@5.2.0-1
purl pkg:deb/debian/libonig@5.2.0-1
Next non-vulnerable version 6.9.6-1.1
Latest non-vulnerable version 6.9.6-1.1
Risk 4.4
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-16pv-5tpc-aaae
Aliases:
CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-1y4w-7sqk-aaad
Aliases:
CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-761z-8m2h-aaaq
Aliases:
CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-aerx-h83k-aaaf
Aliases:
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-d8gb-22wt-aaag
Aliases:
CVE-2017-9225
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-f16c-amc9-aaae
Aliases:
CVE-2019-19012
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-gvfv-rq6n-aaaq
Aliases:
CVE-2019-19204
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-hsuv-pkxg-aaar
Aliases:
CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-mpjk-r7xj-aaaq
Aliases:
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-sqtp-vevt-aaak
Aliases:
CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-tdpv-tbk4-aaag
Aliases:
CVE-2019-19203
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-ufxy-f9gq-aaae
Aliases:
CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-xe76-b24z-aaab
Aliases:
CVE-2019-16163
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
6.9.6-1.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T17:41:27.390057+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:39:20.399817+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:13:29.695215+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:24:53.569587+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:01:14.704727+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:44:05.548079+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T05:30:56.591852+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag None 36.1.3
2025-06-21T05:23:17.186796+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq None 36.1.3
2025-06-21T05:07:35.141233+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab None 36.1.3
2025-06-21T04:30:32.578842+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad None 36.1.3
2025-06-21T02:21:06.472940+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae None 36.1.3
2025-06-21T02:11:15.419233+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq None 36.1.3
2025-06-21T01:38:27.363727+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq None 36.1.3
2025-06-21T00:04:35.529092+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar None 36.1.3
2025-06-20T23:46:52.702224+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf None 36.1.3
2025-06-20T22:19:09.716233+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae None 36.1.3
2025-06-20T21:48:53.661926+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae None 36.1.3
2025-06-20T21:15:52.456583+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak None 36.1.3
2025-06-20T20:50:23.219893+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag None 36.1.3
2025-06-08T13:20:16.065192+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:12:05.318675+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:00:14.834827+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:54:29.528687+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:24:49.753423+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:11:30.669181+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:14:46.753734+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:33:45.348790+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:06:50.767552+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:19:01.181265+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:56:10.465943+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:59:36.848685+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T23:08:49.044352+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag None 36.1.0
2025-06-07T23:01:01.051091+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq None 36.1.0
2025-06-07T22:45:02.782158+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab None 36.1.0
2025-06-07T22:06:56.975319+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad None 36.1.0
2025-06-07T19:44:55.880021+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae None 36.1.0
2025-06-07T19:35:00.937766+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq None 36.1.0
2025-06-07T19:01:32.151058+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq None 36.1.0
2025-06-07T17:27:22.647264+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar None 36.1.0
2025-06-07T17:09:45.086754+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf None 36.1.0
2025-06-07T15:43:18.562531+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae None 36.1.0
2025-06-07T15:11:58.789517+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae None 36.1.0
2025-06-07T14:39:59.606724+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak None 36.1.0
2025-06-07T14:21:22.413213+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag None 36.1.0
2025-04-12T22:18:11.284614+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:26:09.699895+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:08:23.647028+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:06:11.311476+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:05:59.141717+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:36:11.243843+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:27:52.580664+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:08:23.871231+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:59:51.690152+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:47:36.835540+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:41:40.280488+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:10:56.629184+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:57:11.374667+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T15:55:38.842300+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:05:09.102963+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:39:28.394382+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:51:19.187932+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:28:02.516350+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:30:35.090632+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T21:40:51.930587+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag None 36.0.0
2025-04-07T21:33:01.896210+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq None 36.0.0
2025-04-07T21:16:53.921403+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab None 36.0.0
2025-04-07T20:38:16.920976+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad None 36.0.0
2025-04-07T18:22:43.837542+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae None 36.0.0
2025-04-07T18:12:43.180965+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq None 36.0.0
2025-04-07T17:39:23.629211+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq None 36.0.0
2025-04-07T16:01:46.562418+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar None 36.0.0
2025-04-07T15:43:22.277964+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf None 36.0.0
2025-04-07T14:14:05.356724+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae None 36.0.0
2025-04-07T13:43:42.961362+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae None 36.0.0
2025-04-07T13:12:04.336184+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak None 36.0.0
2025-04-07T12:54:02.360913+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag None 36.0.0