Buffer Over-read Affecting cocoaoniguruma package, versions >=0.0.0


0.0
medium

Snyk CVSS

    Exploit Maturity Proof of concept
    Attack Complexity High
    Confidentiality High
NVD
7.5 high
RHEL
7.5 high
SUSE
7.5 high

  • Snyk ID SNYK-COCOAPODS-COCOAONIGURUMA-535384
  • published 22 Nov 2019
  • disclosed 21 Nov 2019
  • credit ManhNDd

How to fix?

There is no fixed version for CocoaOniguruma.

Overview

CocoaOniguruma is a binding of the Oniguruma regular expression engine.

Affected versions of this package are vulnerable to Buffer Over-read. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.
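
The missing check, shown as an added example (not code from Oniguruma or CocoaOniguruma): a simplified parser for the text after `{` in an interval quantifier, where every fetch is preceded by an end-of-pattern test. The names `cursor`, `at_end`, `fetch`, `scan_number`, `parse_interval`, the `IQ_*` codes and the numeric cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the regparse.c cursor idiom:
   at_end() plays the role of PEND, fetch() the role of PFETCH. */
typedef struct { const unsigned char *p, *end; } cursor;
static int at_end(const cursor *c) { return c->p >= c->end; }
static int fetch(cursor *c) { return *c->p++; } /* only valid when !at_end() */
enum { IQ_OK = 0, IQ_PREMATURE_END = -1, IQ_INVALID = -2 };

/* Reads decimal digits. Returns the value, -1 if there were none, or -2
   once the value exceeds a constructed cap. Never reads at or past c->end. */
static int scan_number(cursor *c) {
    int n = -1;
    while (!at_end(c) && *c->p >= '0' && *c->p <= '9') {
        if (n < 0) n = 0;
        if (n > 100000) return -2;
        n = n * 10 + (fetch(c) - '0');
    }
    return n;
}

/* Parses the text after '{' in "{n}", "{n,}", "{n,m}" or "{,m}". The buffer
   is length-delimited, not NUL-terminated. *hi == -1 means no upper bound. */
int parse_interval(const unsigned char *s, size_t len, int *lo, int *hi) {
    cursor c = { s, s + len };
    int ch;
    *hi = -1;
    if ((*lo = scan_number(&c)) == -2) return IQ_INVALID;
    if (at_end(&c)) return IQ_PREMATURE_END;     /* check before every fetch */
    ch = fetch(&c);
    if (ch == ',') {
        if ((*hi = scan_number(&c)) == -2) return IQ_INVALID;
        if (*lo < 0 && *hi < 0) return IQ_INVALID;   /* "{,}" */
        if (*lo < 0) *lo = 0;
        if (at_end(&c)) return IQ_PREMATURE_END; /* pattern ended before '}' */
        ch = fetch(&c);
    } else {
        if (*lo < 0) return IQ_INVALID;
        *hi = *lo;
    }
    return ch == '}' ? IQ_OK : IQ_INVALID;
}

int main(void) {
    const unsigned char cut[] = { '3', ',' };   /* constructed: ends mid-quantifier */
    int lo, hi;
    printf("%d\n", parse_interval(cut, sizeof cut, &lo, &hi));
    return 0;
}
```

Without the two `at_end()` tests, the `fetch()` that follows each number would dereference the byte at `end`, which is the over-read the advisory describes.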