Add advisory for onig Region heap buffer overflow

[cuiwenhao123]

Affected crate(s)

• onig (10,583,261 recent downloads per crates.io)

Links to upstream issue(s) or PR(s)

• Heap-buffer-overflow in Region rust-onig/rust-onig#215
• Fix heap-buffer-overflow in Region::reserve() via checked usize→c_int cast rust-onig/rust-onig#221
• rust-onig/rust-onig@fa76915

Severity

Affected versions expose a memory-safety issue in the safe Region API. Region::reserve() and Region::with_capacity() cast a user-provided usize capacity to c_int before calling the Oniguruma C API. Very large capacities can wrap to a negative c_int, causing a small allocation while Region::len() later interprets the stored value as a large usize. A subsequent Region::pos() call can then perform an out-of-bounds heap read.

This can lead to memory exposure and violates Rust safety expectations for safe APIs. The issue is fixed in onig 6.5.2 by checking the usize to c_int conversion in Region::reserve().

Checklist

• Advisory filename(s) starts with RUSTSEC-0000-0000 as the ID
• date field is set to the public disclosure date
• Contains a concise and descriptive title after advisory metadata
• Asked maintainer(s) if publishing an advisory is appropriate

Validation

• rustsec-admin lint
• GitHub Actions: Lint advisories passed

[djc]

Please use the pull request template.

[cuiwenhao123]

Updated the PR description to use the pull request template.

[djc]

I don't see approval from the maintainer(s) to publish an advisory anywhere?

[cuiwenhao123]

Confirmed there is no explicit upstream maintainer approval yet. I asked the rust-onig maintainers here: rust-onig/rust-onig#215 (comment)

I will leave the checklist item unchecked until they confirm.