{"id":"CVE-2017-9228","details":"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.","modified":"2026-04-16T01:38:09.185992215Z","published":"2017-05-24T15:29:00.370Z","related":["SUSE-SU-2017:3237-1","SUSE-SU-2017:3277-1","SUSE-SU-2018:0003-1","SUSE-SU-2020:1570-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"type":"ADVISORY","url":"https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b"},{"type":"ADVISORY","url":"https://github.com/kkos/oniguruma/issues/60"},{"type":"REPORT","url":"https://github.com/kkos/oniguruma/issues/60"},{"type":"FIX","url":"https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b"},{"type":"EVIDENCE","url":"https://github.com/kkos/oniguruma/issues/60"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kkos/oniguruma","events":[{"introduced":"0"},{"fixed":"3b63d12038c8d8fc278e81c942fa9bec7c704c8b"}]}],"versions":["v5.9.6","v6.0.0","v6.1.0","v6.1.1","v6.1.2","v6.1.3"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b","id":"CVE-2017-9228-76affd58","digest":{"line_hashes":["137584815735396322363988031431915161481","333494754384487831514448708681268998912","146133796272021099976876320362250733552","333557439717205834644043090230902438066"],"threshold":0.9},"target":{"file":"src/regparse.c"}},{"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b","id":"CVE-2017-9228-f4e5b971","digest":{"function_hash":"101840422994517572473954624738540707486","length":523},"target":{"function":"next_state_class","file":"src/regparse.c"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9228.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0221e9f827632942225586687a33cfd554860d5e"},{"fixed":"73915a2bd61f21fd809b4d50af9aba950f43e807"},{"introduced":"60fffd296abce5fc071f3c173c25a2696cf683c6"},{"fixed":"8a79ce6c8b9d309573993ce332f3951ea1947e2f"},{"introduced":"fc1df8e7a6886e29a6ed5bef3f674ac61164e847"},{"fixed":"de96a08a90e480f1afb655bcfeac8ac28a14228e"}]}],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://github.com/php/php-src/commit/73915a2bd61f21fd809b4d50af9aba950f43e807","id":"CVE-2017-9228-343f4c1a","digest":{"function_hash":"233037532068098537505988791132617368492","length":13872},"target":{"function":"compile_bracket_matchingpath","file":"ext/pcre/pcrelib/pcre_jit_compile.c"}},{"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://github.com/php/php-src/commit/73915a2bd61f21fd809b4d50af9aba950f43e807","id":"CVE-2017-9228-cfd9dfdb","digest":{"line_hashes":["41612049881914751775057704412356952022","206133687184829194312361432760839012982","60469889591596012334583203454317370370","317056786488417399517652373716894105276"],"threshold":0.9},"target":{"file":"ext/pcre/pcrelib/pcre_jit_compile.c"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9228.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}