An integer overflow in the searchinrange function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "libonig-dev": "5.9.1-1ubuntu1.1+esm2", "libonig-dev-dbgsym": "5.9.1-1ubuntu1.1+esm2", "libonig2-dbgsym": "5.9.1-1ubuntu1.1+esm2", "libonig2": "5.9.1-1ubuntu1.1+esm2", "libonig2-dbg": "5.9.1-1ubuntu1.1+esm2" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "libonig-dev": "5.9.6-1ubuntu0.1+esm2", "libonig-dev-dbgsym": "5.9.6-1ubuntu0.1+esm2", "libonig2-dbgsym": "5.9.6-1ubuntu0.1+esm2", "libonig2": "5.9.6-1ubuntu0.1+esm2", "libonig2-dbg": "5.9.6-1ubuntu0.1+esm2" } ] }