Oniguruma · Oniguruma · CVE-2017-9226
**Name of the Vulnerable Software and Affected Versions**
Oniguruma version 6.2.0
Oniguruma-mod in Ruby versions through 2.4.1
mbstring in PHP versions through 7.1.5
**Description**
The issue is caused by incorrect handling of octal numbers larger than 0xff in the `fetch_token()` and `fetch_token_in_cc()` functions during regular expression compilation. A specially crafted octal number of the form `\700`, whose value exceeds 0xff, is then processed incorrectly in `next_state_val()`, resulting in an out-of-bounds write. Exploitation of this issue may allow a remote attacker who can supply such a regular expression to cause memory corruption.
**Recommendations**
For Oniguruma version 6.2.0, consider disabling the `fetch_token()` and `fetch_token_in_cc()` functions until a patch is available.
For Oniguruma-mod in Ruby versions through 2.4.1, restrict the use of octal numbers in regular expressions to prevent exploitation.
For mbstring in PHP versions through 7.1.5, avoid passing malformed regular expressions containing octal numbers larger than 0xff to `next_state_val()` until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
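As an added example of the "restrict the use of octal numbers in regular expressions" mitigation above (not code from Oniguruma, Ruby or PHP; the function names are hypothetical), the following Ruby validator scans a pattern source string for octal escapes whose value exceeds 0xff and refuses to compile such patterns:

```ruby
# Added example: reject regex source strings that contain an octal escape
# (\ooo) whose value exceeds 0xff before handing them to the regex engine.
# Implements the "restrict octal numbers" mitigation from the advisory;
# the function names are hypothetical, not Oniguruma's own API.

# Returns an array of [escape_text, value] for every octal escape in
# `source` whose numeric value is larger than 0xff. A backslash that is
# itself escaped ("\\") is consumed as a pair and never starts an escape.
def oversized_octal_escapes(source)
  found = []
  i = 0
  while i < source.length
    if source[i] == "\\"
      # Up to three octal digits directly after the backslash.
      m = source[i + 1, 3].to_s.match(/\A[0-7]{1,3}/)
      if m
        value = m[0].to_i(8)
        found << ["\\" + m[0], value] if value > 0xff
        i += 1 + m[0].length
      else
        # Any other escape (including "\\") consumes the next character.
        i += 2
      end
    else
      i += 1
    end
  end
  found
end

def safe_regex_source?(source)
  oversized_octal_escapes(source).empty?
end

# Hypothetical wrapper: compile only after the check passes.
def compile_checked(source)
  bad = oversized_octal_escapes(source)
  unless bad.empty?
    raise ArgumentError,
          "octal escape(s) above 0xff rejected: #{bad.map(&:first).join(', ')}"
  end
  Regexp.new(source)
end

# Constructed inputs: a pattern in the shape the advisory describes is
# rejected, while an octal escape within byte range is accepted.
puts compile_checked('a\141b').match?('aab')   # \141 is 'a'
puts safe_regex_source?('x\700')               # false
```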