An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
The product dereferences a pointer that it expects to be valid but is NULL.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Oniguruma | Oniguruma_project | 6.2.0 (including) | 6.2.0 (including) |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-php70-php-0:7.0.27-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-php70-php-0:7.0.27-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-php70-php-0:7.0.27-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-php70-php-0:7.0.27-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-php70-php-0:7.0.27-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-php70-php-0:7.0.27-1.el7 | * |
| Libonig | Ubuntu | artful | * |
| Libonig | Ubuntu | bionic | * |
| Libonig | Ubuntu | devel | * |
| Libonig | Ubuntu | esm-apps/bionic | * |
| Libonig | Ubuntu | esm-apps/xenial | * |
| Libonig | Ubuntu | esm-infra-legacy/trusty | * |
| Libonig | Ubuntu | trusty | * |
| Libonig | Ubuntu | trusty/esm | * |
| Libonig | Ubuntu | xenial | * |
| Libonig | Ubuntu | yakkety | * |
| Libonig | Ubuntu | zesty | * |
| Php5 | Ubuntu | esm-infra-legacy/trusty | * |
| Php5 | Ubuntu | trusty | * |
| Php5 | Ubuntu | trusty/esm | * |
| Php7.0 | Ubuntu | esm-infra/xenial | * |
| Php7.0 | Ubuntu | xenial | * |
| Php7.0 | Ubuntu | zesty | * |
| Php7.1 | Ubuntu | artful | * |