VulnerableCode Package Details - pkg:deb/debian/libonig@5.9.5-3.2

Search for packages

Package details: pkg:deb/debian/libonig@5.9.5-3.2

Essentials
History (76)

purl	pkg:deb/debian/libonig@5.9.5-3.2

Next non-vulnerable version	6.9.6-1.1
Latest non-vulnerable version	6.9.6-1.1
Risk	4.4

Vulnerabilities affecting this package (13)

Vulnerability	Summary	Fixed by
VCID-16pv-5tpc-aaae Aliases: CVE-2017-9229	An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.	6.1.3-2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-1y4w-7sqk-aaad Aliases: CVE-2019-13225	A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.	6.9.6-1.1 Affected by 0 other vulnerabilities.
VCID-761z-8m2h-aaaq Aliases: CVE-2019-13224	A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.	6.9.6-1.1 Affected by 0 other vulnerabilities.
VCID-aerx-h83k-aaaf Aliases: CVE-2017-9227	An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.	6.1.3-2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-d8gb-22wt-aaag Aliases: CVE-2017-9225	An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.	6.1.3-2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-f16c-amc9-aaae Aliases: CVE-2019-19012	An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.	6.9.6-1.1 Affected by 0 other vulnerabilities.
VCID-gvfv-rq6n-aaaq Aliases: CVE-2019-19204	An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.	6.9.6-1.1 Affected by 0 other vulnerabilities.
VCID-hsuv-pkxg-aaar Aliases: CVE-2017-9224	An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.	6.1.3-2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mpjk-r7xj-aaaq Aliases: CVE-2019-19246	Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.	6.9.6-1.1 Affected by 0 other vulnerabilities.
VCID-sqtp-vevt-aaak Aliases: CVE-2017-9228	An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.	6.1.3-2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tdpv-tbk4-aaag Aliases: CVE-2019-19203	An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.	6.9.6-1.1 Affected by 0 other vulnerabilities.
VCID-ufxy-f9gq-aaae Aliases: CVE-2017-9226	An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.	6.1.3-2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xe76-b24z-aaab Aliases: CVE-2019-16163	Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.	6.9.6-1.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T17:41:27.394986+00:00	Debian Oval Importer	Affected by	VCID-16pv-5tpc-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T15:39:20.404870+00:00	Debian Oval Importer	Affected by	VCID-hsuv-pkxg-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T14:13:29.699960+00:00	Debian Oval Importer	Affected by	VCID-ufxy-f9gq-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:24:53.574616+00:00	Debian Oval Importer	Affected by	VCID-aerx-h83k-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:01:14.709204+00:00	Debian Oval Importer	Affected by	VCID-sqtp-vevt-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:44:05.551393+00:00	Debian Oval Importer	Affected by	VCID-d8gb-22wt-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T05:30:56.595869+00:00	Debian Oval Importer	Affected by	VCID-tdpv-tbk4-aaag	None	36.1.3
2025-06-21T05:23:17.191083+00:00	Debian Oval Importer	Affected by	VCID-761z-8m2h-aaaq	None	36.1.3
2025-06-21T05:07:35.145609+00:00	Debian Oval Importer	Affected by	VCID-xe76-b24z-aaab	None	36.1.3
2025-06-21T04:30:32.583615+00:00	Debian Oval Importer	Affected by	VCID-1y4w-7sqk-aaad	None	36.1.3
2025-06-21T02:21:06.477928+00:00	Debian Oval Importer	Affected by	VCID-f16c-amc9-aaae	None	36.1.3
2025-06-21T02:11:15.423810+00:00	Debian Oval Importer	Affected by	VCID-mpjk-r7xj-aaaq	None	36.1.3
2025-06-21T01:38:27.367672+00:00	Debian Oval Importer	Affected by	VCID-gvfv-rq6n-aaaq	None	36.1.3
2025-06-21T00:04:35.534287+00:00	Debian Oval Importer	Affected by	VCID-hsuv-pkxg-aaar	None	36.1.3
2025-06-20T23:46:52.706643+00:00	Debian Oval Importer	Affected by	VCID-aerx-h83k-aaaf	None	36.1.3
2025-06-20T22:19:09.721084+00:00	Debian Oval Importer	Affected by	VCID-16pv-5tpc-aaae	None	36.1.3
2025-06-20T21:48:53.666518+00:00	Debian Oval Importer	Affected by	VCID-ufxy-f9gq-aaae	None	36.1.3
2025-06-20T21:15:52.460241+00:00	Debian Oval Importer	Affected by	VCID-sqtp-vevt-aaak	None	36.1.3
2025-06-20T20:50:23.223128+00:00	Debian Oval Importer	Affected by	VCID-d8gb-22wt-aaag	None	36.1.3
2025-06-08T13:20:16.068419+00:00	Debian Oval Importer	Affected by	VCID-sqtp-vevt-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T13:12:05.321831+00:00	Debian Oval Importer	Affected by	VCID-f16c-amc9-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T13:00:14.838220+00:00	Debian Oval Importer	Affected by	VCID-gvfv-rq6n-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T12:54:29.532367+00:00	Debian Oval Importer	Affected by	VCID-aerx-h83k-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T12:24:49.756737+00:00	Debian Oval Importer	Affected by	VCID-hsuv-pkxg-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T12:11:30.672530+00:00	Debian Oval Importer	Affected by	VCID-xe76-b24z-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T10:14:46.756946+00:00	Debian Oval Importer	Affected by	VCID-16pv-5tpc-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T08:33:45.351930+00:00	Debian Oval Importer	Affected by	VCID-hsuv-pkxg-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T07:06:50.771231+00:00	Debian Oval Importer	Affected by	VCID-ufxy-f9gq-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:19:01.184500+00:00	Debian Oval Importer	Affected by	VCID-aerx-h83k-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:56:10.469639+00:00	Debian Oval Importer	Affected by	VCID-sqtp-vevt-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:59:36.851886+00:00	Debian Oval Importer	Affected by	VCID-d8gb-22wt-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T23:08:49.048236+00:00	Debian Oval Importer	Affected by	VCID-tdpv-tbk4-aaag	None	36.1.0
2025-06-07T23:01:01.055425+00:00	Debian Oval Importer	Affected by	VCID-761z-8m2h-aaaq	None	36.1.0
2025-06-07T22:45:02.785889+00:00	Debian Oval Importer	Affected by	VCID-xe76-b24z-aaab	None	36.1.0
2025-06-07T22:06:56.979043+00:00	Debian Oval Importer	Affected by	VCID-1y4w-7sqk-aaad	None	36.1.0
2025-06-07T19:44:55.883213+00:00	Debian Oval Importer	Affected by	VCID-f16c-amc9-aaae	None	36.1.0
2025-06-07T19:35:00.940960+00:00	Debian Oval Importer	Affected by	VCID-mpjk-r7xj-aaaq	None	36.1.0
2025-06-07T19:01:32.154238+00:00	Debian Oval Importer	Affected by	VCID-gvfv-rq6n-aaaq	None	36.1.0
2025-06-07T17:27:22.650547+00:00	Debian Oval Importer	Affected by	VCID-hsuv-pkxg-aaar	None	36.1.0
2025-06-07T17:09:45.090223+00:00	Debian Oval Importer	Affected by	VCID-aerx-h83k-aaaf	None	36.1.0
2025-06-07T15:43:18.566194+00:00	Debian Oval Importer	Affected by	VCID-16pv-5tpc-aaae	None	36.1.0
2025-06-07T15:11:58.793496+00:00	Debian Oval Importer	Affected by	VCID-ufxy-f9gq-aaae	None	36.1.0
2025-06-07T14:39:59.609912+00:00	Debian Oval Importer	Affected by	VCID-sqtp-vevt-aaak	None	36.1.0
2025-06-07T14:21:22.416434+00:00	Debian Oval Importer	Affected by	VCID-d8gb-22wt-aaag	None	36.1.0
2025-04-12T22:18:11.294801+00:00	Debian Oval Importer	Affected by	VCID-mpjk-r7xj-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:26:09.709871+00:00	Debian Oval Importer	Affected by	VCID-761z-8m2h-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:08:23.657634+00:00	Debian Oval Importer	Affected by	VCID-tdpv-tbk4-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:06:11.321446+00:00	Debian Oval Importer	Affected by	VCID-d8gb-22wt-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:05:59.151812+00:00	Debian Oval Importer	Affected by	VCID-ufxy-f9gq-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:36:11.253906+00:00	Debian Oval Importer	Affected by	VCID-16pv-5tpc-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:27:52.591172+00:00	Debian Oval Importer	Affected by	VCID-1y4w-7sqk-aaad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:08:23.881179+00:00	Debian Oval Importer	Affected by	VCID-sqtp-vevt-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:59:51.698933+00:00	Debian Oval Importer	Affected by	VCID-f16c-amc9-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:47:36.844990+00:00	Debian Oval Importer	Affected by	VCID-gvfv-rq6n-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:41:40.289768+00:00	Debian Oval Importer	Affected by	VCID-aerx-h83k-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:10:56.638841+00:00	Debian Oval Importer	Affected by	VCID-hsuv-pkxg-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:57:11.383756+00:00	Debian Oval Importer	Affected by	VCID-xe76-b24z-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T15:55:38.852383+00:00	Debian Oval Importer	Affected by	VCID-16pv-5tpc-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:05:09.112948+00:00	Debian Oval Importer	Affected by	VCID-hsuv-pkxg-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:39:28.403464+00:00	Debian Oval Importer	Affected by	VCID-ufxy-f9gq-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:51:19.197143+00:00	Debian Oval Importer	Affected by	VCID-aerx-h83k-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:28:02.526294+00:00	Debian Oval Importer	Affected by	VCID-sqtp-vevt-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:30:35.099686+00:00	Debian Oval Importer	Affected by	VCID-d8gb-22wt-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T21:40:51.940670+00:00	Debian Oval Importer	Affected by	VCID-tdpv-tbk4-aaag	None	36.0.0
2025-04-07T21:33:01.907524+00:00	Debian Oval Importer	Affected by	VCID-761z-8m2h-aaaq	None	36.0.0
2025-04-07T21:16:53.931587+00:00	Debian Oval Importer	Affected by	VCID-xe76-b24z-aaab	None	36.0.0
2025-04-07T20:38:16.931841+00:00	Debian Oval Importer	Affected by	VCID-1y4w-7sqk-aaad	None	36.0.0
2025-04-07T18:22:43.846588+00:00	Debian Oval Importer	Affected by	VCID-f16c-amc9-aaae	None	36.0.0
2025-04-07T18:12:43.191005+00:00	Debian Oval Importer	Affected by	VCID-mpjk-r7xj-aaaq	None	36.0.0
2025-04-07T17:39:23.639911+00:00	Debian Oval Importer	Affected by	VCID-gvfv-rq6n-aaaq	None	36.0.0
2025-04-07T16:01:46.576280+00:00	Debian Oval Importer	Affected by	VCID-hsuv-pkxg-aaar	None	36.0.0
2025-04-07T15:43:22.287975+00:00	Debian Oval Importer	Affected by	VCID-aerx-h83k-aaaf	None	36.0.0
2025-04-07T14:14:05.367923+00:00	Debian Oval Importer	Affected by	VCID-16pv-5tpc-aaae	None	36.0.0
2025-04-07T13:43:42.971273+00:00	Debian Oval Importer	Affected by	VCID-ufxy-f9gq-aaae	None	36.0.0
2025-04-07T13:12:04.346542+00:00	Debian Oval Importer	Affected by	VCID-sqtp-vevt-aaak	None	36.0.0
2025-04-07T12:54:02.373871+00:00	Debian Oval Importer	Affected by	VCID-d8gb-22wt-aaag	None	36.0.0