CVE-2017-9229

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-9229
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9229.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-9229
Published
2017-05-24T15:29:00Z
Modified
2025-10-22T10:14:38.275445Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.

Affected packages

Git / github.com/kkos/oniguruma

Affected ranges

Type
GIT
Repo
https://github.com/kkos/oniguruma
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v5.*

v5.9.6

v6.*

v6.0.0
v6.1.0
v6.1.1
v6.1.2
v6.1.3

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d",
        "target": {
            "function": "forward_search_range",
            "file": "src/regexec.c"
        },
        "digest": {
            "function_hash": "105094539439841922480547185931894644113",
            "length": 3086.0
        },
        "deprecated": false,
        "id": "CVE-2017-9229-2b3e9cd2",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d",
        "target": {
            "file": "src/regexec.c"
        },
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2017-9229-7c84093e",
        "signature_version": "v1",
        "signature_type": "Line"
    }
]

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events