OSV-2020-1834

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/oniguruma/OSV-2020-1834.yaml

Published

2020-09-25T00:00:07.959427Z

Modified

2022-04-13T03:04:40.937721Z

Summary

Stack-buffer-overflow in onigenc_unicode_get_case_fold_codes_by_str

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25893

Crash type: Stack-buffer-overflow WRITE 4
Crash state:
onigenc_unicode_get_case_fold_codes_by_str
utf16be_get_case_fold_codes_by_str
unravel_case_fold_string

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25893

Affected packages

OSS-Fuzz / oniguruma

Package

Name: oniguruma

Affected ranges

Type: GIT
Repo: https://github.com/kkos/oniguruma.git
Events: Introduced

864c1d8c76575057fef22abd7e44d8bf3fc27dca

Fixed

a4aaa67878509ea8296ef349bcfe98da48bc5457

Fixed

e11958537b4f14ddf3eb03a0eb08142e4f35a926

Ecosystem specific

{
    "severity": "HIGH",
    "introduced_range": "cdff3c762abc4c1aedfe9900b65698cd08d6959b:14f5efb82321e26502caa2df3c58aa1c2d36c801"
}

Database specific

{
    "fixed_range": "48a40c7238d989f25bbfa6339de71cf9189cb81b:e11958537b4f14ddf3eb03a0eb08142e4f35a926"
}