Skip to main content

Oniguruma

13 CVEs product

Monthly

CVE-2019-19246 HIGH PATCH This Week

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

PHP Buffer Overflow Information Disclosure Oniguruma Fedora +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2019-19204 HIGH POC This Week

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Oniguruma Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
6.9%
CVE-2019-19203 HIGH POC This Week

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Oniguruma Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
CVE-2019-19012 CRITICAL POC THREAT Act Now

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Oniguruma Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
9.8
EPSS
10.5%
CVE-2019-16163 HIGH POC PATCH This Week

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Oniguruma Fedora Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-13225 MEDIUM PATCH This Month

A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference PHP Denial Of Service Oniguruma Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-13224 CRITICAL PATCH Act Now

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

PHP Denial Of Service Information Disclosure RCE Memory Corruption +5
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2017-9229 HIGH POC PATCH This Week

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service PHP Oniguruma Ruby
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-9228 CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption PHP Oniguruma
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-9227 CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Oniguruma
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2017-9226 CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption PHP Oniguruma
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2017-9225 CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption PHP Oniguruma Ruby
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-9224 CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Oniguruma
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

PHP Buffer Overflow Information Disclosure +4
NVD GitHub
EPSS 7% CVSS 7.5
HIGH POC This Week

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Oniguruma +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Oniguruma +1
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Act Now

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Oniguruma +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Oniguruma Fedora +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference PHP Denial Of Service +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

PHP Denial Of Service Information Disclosure +7
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service PHP +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption PHP +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption PHP +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption PHP +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy