vulnerability

Amazon Linux AMI 2: CVE-2017-9225: Security patch for php (ALAS-2018-946)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
May 24, 2017
Added
Jan 23, 2024
Modified
Jan 23, 2024

Description

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.

Solution(s)

amazon-linux-ami-2-upgrade-phpamazon-linux-ami-2-upgrade-php-bcmathamazon-linux-ami-2-upgrade-php-cliamazon-linux-ami-2-upgrade-php-commonamazon-linux-ami-2-upgrade-php-dbaamazon-linux-ami-2-upgrade-php-dbgamazon-linux-ami-2-upgrade-php-debuginfoamazon-linux-ami-2-upgrade-php-develamazon-linux-ami-2-upgrade-php-embeddedamazon-linux-ami-2-upgrade-php-enchantamazon-linux-ami-2-upgrade-php-fpmamazon-linux-ami-2-upgrade-php-gdamazon-linux-ami-2-upgrade-php-gmpamazon-linux-ami-2-upgrade-php-intlamazon-linux-ami-2-upgrade-php-jsonamazon-linux-ami-2-upgrade-php-ldapamazon-linux-ami-2-upgrade-php-mbstringamazon-linux-ami-2-upgrade-php-mysqlndamazon-linux-ami-2-upgrade-php-odbcamazon-linux-ami-2-upgrade-php-opcacheamazon-linux-ami-2-upgrade-php-pdoamazon-linux-ami-2-upgrade-php-pgsqlamazon-linux-ami-2-upgrade-php-processamazon-linux-ami-2-upgrade-php-pspellamazon-linux-ami-2-upgrade-php-recodeamazon-linux-ami-2-upgrade-php-snmpamazon-linux-ami-2-upgrade-php-soapamazon-linux-ami-2-upgrade-php-xmlamazon-linux-ami-2-upgrade-php-xmlrpc

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today