
CVE-2019-13224: Fix CVE-2019-13224: don't allow different encodings for onig_new_delu… · kkos/oniguruma@0f7f61e

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.


@@ -29,6 +29,7 @@

#include “regint.h”

#if 0

static void

conv_ext0be32(const UChar* s, const UChar* end, UChar* conv)

{
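
Review bot: The `#if 0` placed in front of `conv_ext0be32` leaves the encoding conversion helpers in the file as dead code. If conversion between encodings is no longer supported, deleting the helpers would be cleaner; if they are kept for a later rework, a short comment beside the `#if 0` saying why would help the next reader.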

@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEncoding to, const UChar* s, const UChar* e

return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;

}

#endif

extern int

onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
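
Review bot: The `#endif` after the closing brace of `conv_encoding` sits roughly 130 lines below its `#if 0` (the hunks start at lines 29 and 159) and carries no marker. A trailing comment on the `#endif` naming the disabled block would make the pairing obvious.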

@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,

if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL;

if (ci->pattern_enc != ci->target_enc) {

r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end,

&cpat, &cpat_end);

if (r != 0) return r;

return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;

}

else {

cpat = (UChar* )pattern;
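
Review bot: In the `if (ci->pattern_enc != ci->target_enc)` branch, the unconditional `return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;` changes what `onig_new_deluxe` accepts, and nothing in the hunk documents it. Callers that passed differing pattern and target encodings previously went through `conv_encoding` and now get an error, so the API documentation and changelog should state that the two encodings must match, and a test asserting the error code for a mismatched pair would pin the behaviour down. With the branch reduced to a bare return, the `else {` around `cpat = (UChar* )pattern;` is also redundant and could be flattened.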

Related news

Red Hat Security Advisory 2024-0889-03

Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

CVE-2016-4343: PHP: PHP 7 ChangeLog

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
