Search for packages
Package details: pkg:deb/debian/libonig@5.9.5-3.2%2Bdeb8u1
purl pkg:deb/debian/libonig@5.9.5-3.2%2Bdeb8u1
Next non-vulnerable version 6.9.6-1.1
Latest non-vulnerable version 6.9.6-1.1
Risk 4.4
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-16pv-5tpc-aaae
Aliases:
CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-1y4w-7sqk-aaad
Aliases:
CVE-2019-13225
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-761z-8m2h-aaaq
Aliases:
CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-aerx-h83k-aaaf
Aliases:
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-d8gb-22wt-aaag
Aliases:
CVE-2017-9225
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-f16c-amc9-aaae
Aliases:
CVE-2019-19012
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-gvfv-rq6n-aaaq
Aliases:
CVE-2019-19204
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-hsuv-pkxg-aaar
Aliases:
CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-mpjk-r7xj-aaaq
Aliases:
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-sqtp-vevt-aaak
Aliases:
CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-tdpv-tbk4-aaag
Aliases:
CVE-2019-19203
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
6.9.6-1.1
Affected by 0 other vulnerabilities.
VCID-ufxy-f9gq-aaae
Aliases:
CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
6.1.3-2
Affected by 7 other vulnerabilities.
VCID-xe76-b24z-aaab
Aliases:
CVE-2019-16163
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
6.9.6-1.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T17:41:27.397450+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:39:20.407291+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:13:29.702237+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:24:53.577182+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:01:14.711368+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:44:05.553011+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T05:30:56.598255+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag None 36.1.3
2025-06-21T05:23:17.193133+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq None 36.1.3
2025-06-21T05:07:35.147699+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab None 36.1.3
2025-06-21T04:30:32.586727+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad None 36.1.3
2025-06-21T02:21:06.480709+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae None 36.1.3
2025-06-21T02:11:15.426060+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq None 36.1.3
2025-06-21T01:38:27.369546+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq None 36.1.3
2025-06-21T00:04:35.536642+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar None 36.1.3
2025-06-20T23:46:52.708517+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf None 36.1.3
2025-06-20T22:19:09.723481+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae None 36.1.3
2025-06-20T21:48:53.668788+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae None 36.1.3
2025-06-20T21:15:52.462034+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak None 36.1.3
2025-06-20T20:50:23.224718+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag None 36.1.3
2025-06-08T13:20:16.069926+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:12:05.323392+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:00:14.839742+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:54:29.533954+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:24:49.758235+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:11:30.674427+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:14:46.758470+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:33:45.353456+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:06:50.773107+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:19:01.186022+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:56:10.471455+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:59:36.853405+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T23:08:49.050098+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag None 36.1.0
2025-06-07T23:01:01.057771+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq None 36.1.0
2025-06-07T22:45:02.787620+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab None 36.1.0
2025-06-07T22:06:56.980857+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad None 36.1.0
2025-06-07T19:44:55.884731+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae None 36.1.0
2025-06-07T19:35:00.942487+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq None 36.1.0
2025-06-07T19:01:32.155786+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq None 36.1.0
2025-06-07T17:27:22.652185+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar None 36.1.0
2025-06-07T17:09:45.091740+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf None 36.1.0
2025-06-07T15:43:18.567974+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae None 36.1.0
2025-06-07T15:11:58.795435+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae None 36.1.0
2025-06-07T14:39:59.611446+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak None 36.1.0
2025-06-07T14:21:22.417952+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag None 36.1.0
2025-04-12T22:18:11.299998+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:26:09.714980+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:08:23.662573+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:06:11.326370+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:05:59.156763+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:36:11.258921+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:27:52.596262+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:08:23.886091+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:59:51.703865+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:47:36.849935+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:41:40.294944+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:10:56.643849+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:57:11.388250+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T15:55:38.857355+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:05:09.117903+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:39:28.407906+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:51:19.202037+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:28:02.531240+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:30:35.104561+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T21:40:51.946029+00:00 Debian Oval Importer Affected by VCID-tdpv-tbk4-aaag None 36.0.0
2025-04-07T21:33:01.912862+00:00 Debian Oval Importer Affected by VCID-761z-8m2h-aaaq None 36.0.0
2025-04-07T21:16:53.936948+00:00 Debian Oval Importer Affected by VCID-xe76-b24z-aaab None 36.0.0
2025-04-07T20:38:16.937138+00:00 Debian Oval Importer Affected by VCID-1y4w-7sqk-aaad None 36.0.0
2025-04-07T18:22:43.851659+00:00 Debian Oval Importer Affected by VCID-f16c-amc9-aaae None 36.0.0
2025-04-07T18:12:43.196274+00:00 Debian Oval Importer Affected by VCID-mpjk-r7xj-aaaq None 36.0.0
2025-04-07T17:39:23.645184+00:00 Debian Oval Importer Affected by VCID-gvfv-rq6n-aaaq None 36.0.0
2025-04-07T16:01:46.581389+00:00 Debian Oval Importer Affected by VCID-hsuv-pkxg-aaar None 36.0.0
2025-04-07T15:43:22.293257+00:00 Debian Oval Importer Affected by VCID-aerx-h83k-aaaf None 36.0.0
2025-04-07T14:14:05.373401+00:00 Debian Oval Importer Affected by VCID-16pv-5tpc-aaae None 36.0.0
2025-04-07T13:43:42.976861+00:00 Debian Oval Importer Affected by VCID-ufxy-f9gq-aaae None 36.0.0
2025-04-07T13:12:04.352032+00:00 Debian Oval Importer Affected by VCID-sqtp-vevt-aaak None 36.0.0
2025-04-07T12:54:02.380116+00:00 Debian Oval Importer Affected by VCID-d8gb-22wt-aaag None 36.0.0