Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-9023

Опубликовано: 29 дек. 2018
Источник: redhat
CVSS3: 5.4

Описание

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpOut of support scope
Red Hat Enterprise Linux 6phpOut of support scope
Red Hat Enterprise Linux 7phpFix deferred
Red Hat Software Collectionsrh-php70-phpFix deferred
Red Hat Enterprise Linux 8phpFixedRHSA-2020:162428.04.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php72-phpFixedRHSA-2019:329901.11.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSrh-php72-phpFixedRHSA-2019:329901.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1685398php: Heap-based buffer over-read in mbstring regular expression functions

5.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-9023

CVSS3: 9.8
ubuntu
больше 6 лет назад

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

nvd логотип

CVE-2019-9023

CVSS3: 9.8
nvd
больше 6 лет назад

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

debian логотип

CVE-2019-9023

CVSS3: 9.8
debian
больше 6 лет назад

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...

github логотип

GHSA-f6fp-28gh-x93q

CVSS3: 9.8
github
около 3 лет назад

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

fstec логотип

BDU:2019-01554

CVSS3: 9.8
fstec
больше 6 лет назад

Уязвимость в интерпретаторе языка программирования PHP, связанная с чтением за пределами границ буфера динамической памяти, позволяющая нарушителю вызвать отказ в обслуживании, нарушить конфиденциальность и целостность защищаемых данных

5.4 Medium

CVSS3