1443435 – (CVE-2017-6181) CVE-2017-6181 ruby: Stack overflow in parse_char_class() in Onigmo

Bug 1443435 (CVE-2017-6181) - CVE-2017-6181 ruby: Stack overflow in parse_char_class() in Onigmo

Summary: CVE-2017-6181 ruby: Stack overflow in parse_char_class() in Onigmo

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2017-6181
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1443436
TreeView+	depends on / blocked

Reported:	2017-04-19 09:17 UTC by Adam Mariš
Modified:	2021-02-17 02:16 UTC (History)
CC List:	32 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	An unbounded recursion flaw was found in the way Ruby handled regular expressions. A specially crafted regular expression could be used by an attacker to crash an Ruby application processing such crafted input.
Clone Of:
Environment:
Last Closed:	2017-05-16 08:28:55 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2017-04-19 09:17:00 UTC

The parse_char_class function in regparse.c in the Onigmo (aka
Oniguruma-mod) regular expression library, as used in Ruby 2.4.0,
allows remote attackers to cause a denial of service (deep recursion
and application crash) via a crafted regular expression.

Upstream issue:

https://bugs.ruby-lang.org/issues/13234

Upstream patch:

https://github.com/ruby/ruby/commit/ea940cc4dcff8d6c3

Comment 1 Mamoru TASAKA 2017-04-20 02:36:43 UTC

This also affects oniguruma:
https://github.com/kkos/oniguruma/commit/9c85daa6b400157ee5b2be2cf5be87a031e4fd49#diff-d62ce585dc91a8f833f07e586f874814

Comment 2 Mamoru TASAKA 2017-04-20 04:23:13 UTC

(In reply to Mamoru TASAKA from comment #1)
> This also affects oniguruma:
> https://github.com/kkos/oniguruma/commit/
> 9c85daa6b400157ee5b2be2cf5be87a031e4fd49#diff-
> d62ce585dc91a8f833f07e586f874814

The affected code was introduced by this;
https://github.com/kkos/oniguruma/commit/6b68ebe8360adefe45be94ed0dbf13a9aa9023ef

So does not affect on origuruma 6.1.3, 5.9.2. All versions of oniguruma shipped on Fedora are not affected by this.

Comment 4 Dhiru Kholia 2017-05-16 08:24:47 UTC

Statement:

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Note You need to log in before you can comment on or make changes to this bug.

bkearney
cbillett
ccoleman
cpelland
dajohnso
dclarizi
dedgar
dkholia
dmcphers
gblomqui
gmccullo
gtanzill
hhorak
hhudgeon
jfrey
jgoulding
jhardy
joelsmith
jorton
jprause
kseifried
mmorsi
mtasaka
obarenbo
roliveri
ruby-maint
simaishi
s
strzibny
tomckay
vanmeeuwen+fedora
vondruch