A use-after-free in onignewdeluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onignewdeluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
{ "binaries": [ { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga-bin" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga-examples" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga-httpd" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga-munin-plugins" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga-plugin-suggest" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga-server-common" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga-server-gqtp" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga-token-filter-stem" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "groonga-tokenizer-mecab" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "libgroonga-dev" }, { "binary_version": "6.0.1-1ubuntu1", "binary_name": "libgroonga0" } ] }
{ "binaries": [ { "binary_version": "8.0.0-1", "binary_name": "groonga" }, { "binary_version": "8.0.0-1", "binary_name": "groonga-bin" }, { "binary_version": "8.0.0-1", "binary_name": "groonga-examples" }, { "binary_version": "8.0.0-1", "binary_name": "groonga-httpd" }, { "binary_version": "8.0.0-1", "binary_name": "groonga-munin-plugins" }, { "binary_version": "8.0.0-1", "binary_name": "groonga-plugin-suggest" }, { "binary_version": "8.0.0-1", "binary_name": "groonga-server-common" }, { "binary_version": "8.0.0-1", "binary_name": "groonga-server-gqtp" }, { "binary_version": "8.0.0-1", "binary_name": "groonga-token-filter-stem" }, { "binary_version": "8.0.0-1", "binary_name": "groonga-tokenizer-mecab" }, { "binary_version": "8.0.0-1", "binary_name": "libgroonga-dev" }, { "binary_version": "8.0.0-1", "binary_name": "libgroonga0" } ] }
{ "binaries": [ { "binary_version": "9.1.2-1", "binary_name": "groonga" }, { "binary_version": "9.1.2-1", "binary_name": "groonga-bin" }, { "binary_version": "9.1.2-1", "binary_name": "groonga-examples" }, { "binary_version": "9.1.2-1", "binary_name": "groonga-httpd" }, { "binary_version": "9.1.2-1", "binary_name": "groonga-munin-plugins" }, { "binary_version": "9.1.2-1", "binary_name": "groonga-plugin-suggest" }, { "binary_version": "9.1.2-1", "binary_name": "groonga-server-common" }, { "binary_version": "9.1.2-1", "binary_name": "groonga-server-gqtp" }, { "binary_version": "9.1.2-1", "binary_name": "groonga-token-filter-stem" }, { "binary_version": "9.1.2-1", "binary_name": "groonga-tokenizer-mecab" }, { "binary_version": "9.1.2-1", "binary_name": "libgroonga-dev" }, { "binary_version": "9.1.2-1", "binary_name": "libgroonga0" } ] }
{ "binaries": [ { "binary_version": "12.0.0-1", "binary_name": "groonga" }, { "binary_version": "12.0.0-1", "binary_name": "groonga-bin" }, { "binary_version": "12.0.0-1", "binary_name": "groonga-examples" }, { "binary_version": "12.0.0-1", "binary_name": "groonga-httpd" }, { "binary_version": "12.0.0-1", "binary_name": "groonga-munin-plugins" }, { "binary_version": "12.0.0-1", "binary_name": "groonga-plugin-suggest" }, { "binary_version": "12.0.0-1", "binary_name": "groonga-server-common" }, { "binary_version": "12.0.0-1", "binary_name": "groonga-server-gqtp" }, { "binary_version": "12.0.0-1", "binary_name": "groonga-token-filter-stem" }, { "binary_version": "12.0.0-1", "binary_name": "groonga-tokenizer-mecab" }, { "binary_version": "12.0.0-1", "binary_name": "libgroonga-dev" }, { "binary_version": "12.0.0-1", "binary_name": "libgroonga0" } ] }
{ "binaries": [ { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga-bin" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga-examples" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga-munin-plugins" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga-plugin-suggest" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga-server-common" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga-server-gqtp" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga-server-http" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga-token-filter-stem" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "groonga-tokenizer-mecab" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "libgroonga-dev" }, { "binary_version": "13.1.1+dfsg-1.1build2", "binary_name": "libgroonga0t64" } ] }
{ "binaries": [ { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga-bin" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga-examples" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga-munin-plugins" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga-plugin-suggest" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga-server-common" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga-server-gqtp" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga-server-http" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga-token-filter-stem" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "groonga-tokenizer-mecab" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "libgroonga-dev" }, { "binary_version": "14.1.0+dfsg-3", "binary_name": "libgroonga0t64" } ] }