CVE-2019-9020

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-9020
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9020.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-9020
Related
Published
2019-02-22T23:29:00Z
Modified
2024-09-03T03:05:19.363797Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpcdecode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xmlelemparsebuf in ext/xmlrpc/libxmlrpc/xml_element.c.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

NEWS
NEWS-cvs2svn

php-5.*

php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
php-5.6.18RC1
php-5.6.19RC1
php-5.6.22RC1
php-5.6.23RC1
php-5.6.24RC1