
Bug 745780 (CVE-2020-26159)

Summary: dev-libs/oniguruma: Buffer overflow in concat_opt_exact_str (CVE-2020-26159)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: minor
CC: cjk
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/kkos/oniguruma/issues/207
Whiteboard: B3 [ebuild cve]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-09-30 19:23:48 UTC
Description:
"In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-11-07 00:40:46 UTC
Turned out to not be an issue: https://github.com/kkos/oniguruma/issues/221#issuecomment-712814784