Out-of-bounds write in Oniguruma

#VU47647 Out-of-bounds write in Oniguruma

Published: 2020-09-30 | Updated: 2020-10-14

Vulnerability identifier: #VU47647

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26159

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oniguruma
Universal components / Libraries / Libraries used by multiple products

Vendor: K.Kosako

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .

Mitigation
Install update from vendor's website.

Vulnerable software versions

Oniguruma: 6.9.5

External links
http://www.openwall.com/lists/oss-security/2020/09/30/7
http://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
http://github.com/kkos/oniguruma/issues/207
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZCUPCKJNSUHQMXXZBRNDDGQQLBJ2ACT/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NHVR7X5ZLXUGW3PBCPQMNFQ3OJCSMQD/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUJY7BUIFBTZ3IUHVHCID4JYCRDGKPS/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell VxRail Appliance components

Multiple vulnerabilities in Dell VxRail

SUSE update for oniguruma

Out-of-bounds write in oniguruma (Alpine package)

Out-of-bounds write in K.Kosako Oniguruma