CVE-2019-9021

Updated: 2024-11-22 02:17:56.331317

Description:

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.5
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

EL 6 PHP php 5.6 9.8 CRITICAL Ignored 2024-05-14 17:19:00
EL 6 PHP php 5.4 9.8 CRITICAL Ignored 2024-05-14 17:19:10
EL 6 PHP php 5.1 9.8 CRITICAL Ignored 2024-05-14 17:19:11
EL 6 PHP php 5.2 9.8 CRITICAL Ignored 2024-05-14 17:19:10
EL 6 PHP php 5.3 9.8 CRITICAL Ignored 2024-05-14 17:19:10
EL 6 PHP php 7.2 9.8 CRITICAL Ignored 2024-05-14 17:19:10
EL 6 PHP php 7.3 9.8 CRITICAL Ignored 2024-05-14 17:19:10
EL 6 PHP php 7.4 9.8 CRITICAL Ignored 2024-05-14 17:19:05
EL 6 PHP php 8.0 9.8 CRITICAL Ignored 2024-05-14 17:19:05
EL 6 PHP php 5.5 9.8 CRITICAL Ignored 2024-05-14 17:19:04
Total: 86