vulnerability
PHP Vulnerability: CVE-2019-9023
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Feb 22, 2019 | Feb 27, 2019 | Nov 27, 2024 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 22, 2019
Added
Feb 27, 2019
Modified
Nov 27, 2024
Description
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
Solution(s)
php-upgrade-5_6_40php-upgrade-7_2_14php-upgrade-7_3_1
References
- CVE-2019-9023
- https://attackerkb.com/topics/CVE-2019-9023
- URL-https://bugs.php.net/bug.php?id=77370
- URL-https://bugs.php.net/bug.php?id=77371
- URL-https://bugs.php.net/bug.php?id=77381
- URL-https://bugs.php.net/bug.php?id=77382
- URL-https://bugs.php.net/bug.php?id=77385
- URL-https://bugs.php.net/bug.php?id=77394
- URL-https://bugs.php.net/bug.php?id=77418
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.