Lxxxxfdho

**Name of the Vulnerable Software and Affected Versions** Oniguruma version 6.2.0 Oniguruma-mod in Ruby versions through 2.4.1 mbstring in PHP versions through 7.1.5 **Description** An issue was discovered that causes a SIGSEGV in `left adjust char head()` during regular expression compilation. This occurs due to invalid handling of `reg->dmax` in `forward search range()`, which could result in an invalid pointer dereference. The issue normally leads to an immediate denial-of-service condition. **Recommendations** For Oniguruma version 6.2.0, update to a version that fixes the issue in `left adjust char head()` and `forward search range()`. For Oniguruma-mod in Ruby versions through 2.4.1, update Ruby to a version that includes the fix for the Oniguruma issue. For mbstring in PHP versions through 7.1.5, update PHP to a version that includes the fix for the mbstring issue. As a temporary workaround, consider restricting the use of regular expressions in affected applications until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oniguruma versions 6.2.0 **Description** The issue is caused by an incorrect state transition in the `parse char class()` function, leading to the possibility of using an uninitialized variable when writing to a buffer. This can result in a heap out-of-bounds write in the `bitset set range()` function during regular expression compilation, causing memory corruption. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Oniguruma version 6.2.0, consider updating to a newer version that contains a fix for this issue, as the current version is affected by the incorrect state transition in `parse char class()` and the subsequent out-of-bounds write in `bitset set range()`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oniguruma version 6.2.0 Oniguruma-mod in Ruby versions prior to 2.4.1 mbstring in PHP versions prior to 7.1.5 **Description** The issue is related to an out-of-bounds read in the `mbc enc len()` function during regular expression searching. This occurs due to invalid handling of `reg->dmin` in the `forward search range()` function, which could result in an invalid pointer dereference. The vulnerability allows a remote attacker to perform an out-of-bounds read from a stack buffer in dynamic memory. **Recommendations** For Oniguruma version 6.2.0, update to a newer version to mitigate the risk. For Oniguruma-mod in Ruby versions prior to 2.4.1, update Ruby to version 2.4.1 or later. For mbstring in PHP versions prior to 7.1.5, update PHP to version 7.1.5 or later. As a temporary workaround, consider restricting the use of the `mbc enc len()` function and the `forward search range()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oniguruma version 6.2.0 Oniguruma-mod in Ruby versions prior to 2.4.1 mbstring in PHP versions prior to 7.1.5 **Description** An issue in Oniguruma occurs during regular expression compilation, where a stack out-of-bounds write happens in `onigenc unicode get case fold codes by str()`. This is due to improper handling of code point 0xFFFFFFFF in `unicode unfold key()`. A malformed regular expression could result in a stack buffer overflow, with 4 bytes being written off the end of a stack buffer of `expand case fold string()` during the call to `onigenc unicode get case fold codes by str()`. This could allow a remote attacker to cause a denial of service. **Recommendations** For Oniguruma version 6.2.0, consider disabling the `onigenc unicode get case fold codes by str()` function until a patch is available. For Oniguruma-mod in Ruby versions prior to 2.4.1, update to a version that includes the fix for this issue. For mbstring in PHP versions prior to 7.1.5, update to a version that includes the fix for this issue. As a temporary workaround, avoid using malformed regular expressions that could trigger the stack buffer overflow in `expand case fold string()`.

**Name of the Vulnerable Software and Affected Versions** Oniguruma version 6.2.0 Oniguruma-mod in Ruby versions prior to 2.4.1 mbstring in PHP versions prior to 7.1.5 **Description** A logical error in the `match at()` function of the Oniguruma library can result in a stack out-of-bounds read during regular expression searching. This issue is related to errors in access validation and could allow a remote attacker to impact information availability by reading beyond the stack buffer boundaries. **Recommendations** For Oniguruma version 6.2.0, consider disabling the `match at()` function until a patch is available. For Oniguruma-mod in Ruby versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. For mbstring in PHP versions prior to 7.1.5, update to version 7.1.5 or later to resolve the issue.