CVE-2019-9020
- Source
- https://cve.org/CVERecord?id=CVE-2019-9020
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9020.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-9020
- Downstream
- Related
- Published
- 2019-02-22T23:29:00.330Z
- Modified
- 2026-02-05T06:43:53.915683Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpcdecode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xmlelemparsebuf in ext/xmlrpc/libxmlrpc/xml_element.c.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html
- http://www.securityfocus.com/bid/107156
- https://access.redhat.com/errata/RHSA-2019:2519
- https://access.redhat.com/errata/RHSA-2019:3299
- https://bugs.php.net/bug.php?id=77242
- https://bugs.php.net/bug.php?id=77249
- https://security.netapp.com/advisory/ntap-20190321-0001/
- https://usn.ubuntu.com/3902-1/
- https://usn.ubuntu.com/3902-2/
- https://www.debian.org/security/2019/dsa-4398
- https://bugs.php.net/bug.php?id=77242
- https://bugs.php.net/bug.php?id=77249
- https://bugs.php.net/bug.php?id=77242
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html
- https://bugs.php.net/bug.php?id=77242
- https://bugs.php.net/bug.php?id=77249