Oniguruma Project Oniguruma — known CVE vulnerabilities
Every CVE whose affected-product data names Oniguruma Project Oniguruma, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2017-9224 — CVSS 9.8 (critical): An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack…
CVE-2017-9225 — CVSS 9.8 (critical): An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack…
CVE-2017-9226 — CVSS 9.8 (critical): An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap…
CVE-2017-9227 — CVSS 9.8 (critical): An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack…
CVE-2017-9228 — CVSS 9.8 (critical): An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap…
CVE-2019-13224 — CVSS 9.8 (critical): A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial…
CVE-2019-19012 — CVSS 9.8 (critical): An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which…
CVE-2019-16163 — CVSS 7.5 (high): Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
CVE-2019-19246 — CVSS 7.5 (high): Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
CVE-2019-19203 — CVSS 7.5 (high): An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is…
CVE-2017-9229 — CVSS 7.5 (high): An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV…
CVE-2019-19204 — CVSS 7.5 (high): An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as…
CVE-2019-13225 — CVSS 6.5 (medium): A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by…