CVSS: 7.5EPSS: 57%CPEs: 9EXPL: 1CVE-2019-9022 – php: memcpy with negative length via crafted DNS response
https://notcve.org/view.php?id=CVE-2019-9022
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. Se ha descubierto un problema en PHP, en versiones 7.x anteriores a la 7.1.26, versiones 7.2.x anteriores a la 7.2.14 y versiones 7.3.x anteriores a la 7.3.2. dns_get_record analiza erróneamente una respuesta DNS, lo que podría permitir que un servidor DNS hostil provoque que PHP emplee memcpy de forma incorrecta, lo que conduce a que las operaciones de lectura sobrepasen el búfer asignado para los datos DNS. Esto afecta a php_parserr en ext/standard/dns.c para las consultas DNS_CAA y DNS_ANY. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77369 https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html https://security.netapp.com/advisory/ntap-20190321-0001 https://usn.ubuntu.com/3902-1 https://usn.ubuntu.com/3922-2 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-9025
https://notcve.org/view.php?id=CVE-2019-9025
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data. Se ha descubierto un problema en PHP, en versiones 7.3.x anteriores a la 7.3.1. Una cadena multibyte inválida proporcionada como argumento a la función mb_split() en ext/mbstring/php_mbregex.c puede provocar que PHP ejecute memcpy() con un argumento negativo, lo que podría leer y escribir más allá de los búferes asignados para los datos. • https://bugs.php.net/bug.php?id=77367 https://security.netapp.com/advisory/ntap-20190321-0001 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 1CVE-2019-9021 – php: Heap-based buffer over-read in PHAR reading functions
https://notcve.org/view.php?id=CVE-2019-9021
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.40, versiones 7.x anteriores a la 7.1.26, versiones 7.2.x anteriores a la 7.2.14 y versiones 7.3.x anteriores a la 7.3.1. Una sobrelectura de búfer basada en memoria dinámica (heap) en las funciones de lectura PHAR en la extensión PHAR podría permitir que un atacante lea memoria asignada o no asignada más allá de los datos reales al intentar analizar el nombre de archivo. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html http://www.securityfocus.com/bid/106747 http://www.securityfocus.com/bid/107156 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php&# • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 2CVE-2019-9020 – php: Invalid memory access in function xmlrpc_decode()
https://notcve.org/view.php?id=CVE-2019-9020
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.40, versiones 7.x anteriores a la 7.1.26, versiones 7.2.x anteriores a la 7.2.14 y versiones 7.3.x anteriores a la 7.3.1. Las entradas inválidas en la función xmlrpc_decode() pueden conducir a un acceso inválido a la memoria (lectura de memoria dinámica o heap fuera de límites o lectura de memoria previamente liberada). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html http://www.securityfocus.com/bid/107156 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77242 https://bugs. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 8.8EPSS: 71%CPEs: 12EXPL: 2CVE-2019-6977 – PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
https://notcve.org/view.php?id=CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. gdImageColorMatch in gd_color_match.c en la versión 2.2.5 de GD Graphics Library (también conocido como LibGD), tal y como se utiliza en la función imagecolormatch en PHP, en versiones anteriores a la 5.6.40, en las 7.x anteriores a la 7.1.26, en las 7.2.x anteriores a la 7.2.14 y en las 7.3.x anteriores a la 7.3.1, tiene un desbordamiento de búfer basado en memoria dinámica (heap). Esto puede ser explotado por un atacante capaz de provocar llamadas imagecolormatch con datos de imagen manipulados. PHP version 7.2 suffers from an imagecolormatch() out-of-band heap write vulnerability. • https://www.exploit-db.com/exploits/46677 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/106731 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:32 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •