N/A

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.

N/A

N/A

Oniguruma 缓冲区错误漏洞

Oniguruma是一款开源的正则表达式库。 Oniguruma 6.2.0版本存在安全漏洞。该漏洞源于在 Ruby 中的 Oniguruma-mod 到 2.4.1 和 PHP 中的 mbstring 到 7.1.5 中使用。 由于来自不正确状态转换的未初始化变量，在正则表达式编译期间，bitset_set_range() 中发生堆越界写入。 parse_char_class() 中不正确的状态转换可能会创建一个执行路径，导致关键局部变量在用作索引之前未初始化，从而导致越界写入内存损坏。攻击者可利用该漏

N/A

N/A