cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:*

part: a version: * update: *

Vendor: Ruby Lang (5813a634-c286-5f1d-90d5-a1a352f78d39)
Product: Ruby (48f7c14c-c576-5b15-be87-22eeb9add91e)
Edition: *
Language: *
Software edition: *
Target software: oniguruma-mod
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

| PURL | Source | Last updated |
| --- | --- | --- |
| pkg:github/ruby/ruby | purl2cpe | 2026-06-01 10:11:45.648634 |
| pkg:ruby-lang/ruby | purl2cpe | 2026-06-01 10:11:45.648636 |

Vulnerability references

Identifier: CVE:CVE-2017-9229
CPE applicability: vulnerable
Submitted: 2026-06-03 14:37:41.186953
db.gcve.eu details: Details available
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
Published: 2017-05-24T15:00:00.000Z
Updated: 2024-08-05T17:02:44.157Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2017-9225
CPE applicability: vulnerable
Submitted: 2026-06-03 14:37:41.185254
db.gcve.eu details: Details available
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
Published: 2017-05-24T15:00:00.000Z
Updated: 2024-09-17T03:07:00.571Z
Rationale: Imported from gcve-enriched-dumps CVE data
