CVE-2019-9020

Updated: 2024-11-24 04:28:15.348321

Description:

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.5
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

EL 6 PHP php 7.4 9.8 CRITICAL Ignored 2024-05-14 17:18:17
EL 6 PHP php 8.2 9.8 CRITICAL Ignored 2024-05-14 17:18:14
EL 6 PHP php 8.0 9.8 CRITICAL Ignored 2024-05-14 17:18:16
EL 6 PHP php 5.4 9.8 CRITICAL Ignored 2024-05-14 17:18:21
EL 6 PHP php 7.1 9.8 CRITICAL Ignored 2024-05-14 17:18:12
EL 6 PHP php 5.1 9.8 CRITICAL Ignored 2024-05-14 17:18:21
EL 6 PHP php 5.2 9.8 CRITICAL Ignored 2024-05-14 17:18:21
EL 6 PHP php 5.3 9.8 CRITICAL Ignored 2024-05-14 17:18:21
EL 6 PHP php 7.2 9.8 CRITICAL Ignored 2024-05-14 17:18:21
EL 6 PHP php 7.3 9.8 CRITICAL Ignored 2024-05-14 17:18:20
Total: 86