Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 7 MGASA-2020-0452 Moderate: Oniguruma Buffer Overflow

mageia
Calendar Grey December 8, 2020
Dist Mageia Esm H88
A critical patch for Mageia resolves vulnerability in Oniguruma, strengthening defense against regex-related buffer overflow attacks.
In Oniguruma, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c (CVE-2020-26159)

Summary

In Oniguruma, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c (CVE-2020-26159).

References

- https://bugs.mageia.org/show_bug.cgi?id=27387

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZFUJY7BUIFBTZ3IUHVHCID4JYCRDGKPS/

- https://lists.debian.org/debian-lts-announce/2020/11/msg00006.html

- https://www.openwall.com/lists/oss-security/2020/09/30/7

- https://www.cve.org/CVERecord?id=CVE-2020-26159

Topics%20covered

Topics Covered

security advisory moderate security issue buffer overflow moderate severity attack Mageia mageia Oniguruma regex exploit oniguruma regcomp

Resolution

SRPMS

- 7/core/oniguruma-6.9.4-1.1.mga7

Publication date: 08 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0452.html
Type: security
CVE: CVE-2020-26159

Topics%20covered

Topics Covered

security advisory moderate security issue buffer overflow moderate severity attack Mageia mageia Oniguruma regex exploit oniguruma regcomp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here