PT-2017-2622 · Oniguruma+3

Lxxxxfdho

Published: 2017-05-22 · Updated: 2017-07-12 · CVE-2017-9225

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oniguruma version 6.2.0
Oniguruma-mod in Ruby versions prior to 2.4.1
mbstring in PHP versions prior to 7.1.5

Description

An issue in Oniguruma occurs during regular expression compilation, where a stack out-of-bounds write happens in onigenc_unicode_get_case_fold_codes_by_str(). This is due to improper handling of code point 0xFFFFFFFF in unicode_unfold_key(). A malformed regular expression could result in a stack buffer overflow, with 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(). This could allow a remote attacker to cause a denial of service.

Recommendations

For Oniguruma version 6.2.0, consider disabling the onigenc_unicode_get_case_fold_codes_by_str() function until a patch is available.
For Oniguruma-mod in Ruby versions prior to 2.4.1, update to a version that includes the fix for this issue.
For mbstring in PHP versions prior to 7.1.5, update to a version that includes the fix for this issue.
As a temporary workaround, avoid using malformed regular expressions that could trigger the stack buffer overflow in expand_case_fold_string().

Exploit

Fix

Memory Corruption

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2017-1855
BDU:2017-01842
CVE-2017-9225
RHSA-2026:7545

Affected Products

Alt Linux
Oniguruma
Oniguruma-Mod
Mbstring