suse · CVE-2017-9224

Quick triage

Priority: low Published: 2021-05-30 13:57:03 UTC Updated: 2024-10-23 01:03:40 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-9224 severity low: SUSE including 208 source package names (apache2-mod_php5-5.2.14-0.7.30.110.1, apache2-mod_php5-5.5.14-108.1, …), 303 product×package rows across 13 product lines (SUSE Linux Enterprise Module for Web and Scripting 12, SUSE Linux Enterprise Server 11 SP1 for Teradata, … (13 product lines)): Fixed 300, Known Not Affected 3.

Description:

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.

cvelogic Threat Intelligence