Search for packages
Package details: pkg:deb/debian/libonig@5.9.1-1
purl pkg:deb/debian/libonig@5.9.1-1
Next non-vulnerable version 6.9.6-1.1
Latest non-vulnerable version 6.9.6-1.1
Risk 4.4
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-16pv-5tpc-aaae
Aliases:
CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-1y4w-7sqk-aaad
Aliases:
CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-761z-8m2h-aaaq
Aliases:
CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-aerx-h83k-aaaf
Aliases:
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-d8gb-22wt-aaag
Aliases:
CVE-2017-9225
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-f16c-amc9-aaae
Aliases:
CVE-2019-19012
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-gvfv-rq6n-aaaq
Aliases:
CVE-2019-19204
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-hsuv-pkxg-aaar
Aliases:
CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-mpjk-r7xj-aaaq
Aliases:
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-sqtp-vevt-aaak
Aliases:
CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-tdpv-tbk4-aaag
Aliases:
CVE-2019-19203
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-ufxy-f9gq-aaae
Aliases:
CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-xe76-b24z-aaab
Aliases:
CVE-2019-16163
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
6.9.6-1.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T17:41:27.392584+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:39:20.402514+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:13:29.697634+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:24:53.572165+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:01:14.707045+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:44:05.549770+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T05:30:56.593798+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag None 36.1.3
2025-06-21T05:23:17.189128+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq None 36.1.3
2025-06-21T05:07:35.143499+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab None 36.1.3
2025-06-21T04:30:32.581211+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad None 36.1.3
2025-06-21T02:21:06.475417+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae None 36.1.3
2025-06-21T02:11:15.421548+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq None 36.1.3
2025-06-21T01:38:27.365741+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq None 36.1.3
2025-06-21T00:04:35.531537+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar None 36.1.3
2025-06-20T23:46:52.704542+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf None 36.1.3
2025-06-20T22:19:09.718639+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae None 36.1.3
2025-06-20T21:48:53.664271+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae None 36.1.3
2025-06-20T21:15:52.458449+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak None 36.1.3
2025-06-20T20:50:23.221542+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag None 36.1.3
2025-06-08T13:20:16.066879+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:12:05.320280+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:00:14.836673+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:54:29.530786+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:24:49.755171+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:11:30.670944+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:14:46.755403+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:33:45.350420+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:06:50.769433+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:19:01.182971+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:56:10.467817+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:59:36.850334+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T23:08:49.046356+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag None 36.1.0
2025-06-07T23:01:01.053244+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq None 36.1.0
2025-06-07T22:45:02.784030+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab None 36.1.0
2025-06-07T22:06:56.977215+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad None 36.1.0
2025-06-07T19:44:55.881685+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae None 36.1.0
2025-06-07T19:35:00.939421+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq None 36.1.0
2025-06-07T19:01:32.152707+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq None 36.1.0
2025-06-07T17:27:22.649011+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar None 36.1.0
2025-06-07T17:09:45.088670+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf None 36.1.0
2025-06-07T15:43:18.564403+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae None 36.1.0
2025-06-07T15:11:58.791221+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae None 36.1.0
2025-06-07T14:39:59.608382+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak None 36.1.0
2025-06-07T14:21:22.414893+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag None 36.1.0
2025-04-12T22:18:11.289645+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:26:09.704910+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:08:23.652369+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:06:11.316463+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:05:59.146735+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:36:11.248938+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:27:52.585820+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:08:23.876221+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:59:51.694346+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:47:36.840223+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:41:40.284911+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:10:56.633845+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:57:11.379269+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T15:55:38.847301+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:05:09.107992+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:39:28.398965+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:51:19.192218+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:28:02.521345+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:30:35.095009+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T21:40:51.935337+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag None 36.0.0
2025-04-07T21:33:01.901671+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq None 36.0.0
2025-04-07T21:16:53.926192+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab None 36.0.0
2025-04-07T20:38:16.926571+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad None 36.0.0
2025-04-07T18:22:43.841833+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae None 36.0.0
2025-04-07T18:12:43.185746+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq None 36.0.0
2025-04-07T17:39:23.634636+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq None 36.0.0
2025-04-07T16:01:46.569081+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar None 36.0.0
2025-04-07T15:43:22.282729+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf None 36.0.0
2025-04-07T14:14:05.362616+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae None 36.0.0
2025-04-07T13:43:42.966102+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae None 36.0.0
2025-04-07T13:12:04.340989+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak None 36.0.0
2025-04-07T12:54:02.367385+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag None 36.0.0