alsa-2020:1624
Vulnerability from osv_almalinux
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php (7.2.24). (BZ#1726981)
Security Fix(es):
- php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)
- php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)
- php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)
- php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)
- php: Invalid read in exif_process_SOFn() (CVE-2019-9640)
- php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
- php: Buffer over-read in exif_read_data() (CVE-2019-11040)
- php: Buffer over-read in PHAR reading functions (CVE-2018-20783)
- php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)
- php: memcpy with negative length via crafted DNS response (CVE-2019-9022)
- php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)
- php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)
- php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)
- php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)
- php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)
- php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
- php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apcu-panel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.12-2.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-2.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-2.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-2.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-2.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-2.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-2.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-2.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-2.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-2.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pear"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.10.5-9.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.12-2.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.12-2.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.12-2.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.12-2.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.12-2.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.12-2.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.3-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.3-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.3-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-recode"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-recode"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-recode"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.5.0+53+9945c2af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.3.0+2010+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.24-1.module_el8.4.0+2228+7c76a223"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: php (7.2.24). (BZ#1726981)\n\nSecurity Fix(es):\n\n* php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)\n\n* php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)\n\n* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)\n\n* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)\n\n* php: Invalid read in exif_process_SOFn() (CVE-2019-9640)\n\n* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n* php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n* php: Buffer over-read in PHAR reading functions (CVE-2018-20783)\n\n* php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)\n\n* php: memcpy with negative length via crafted DNS response (CVE-2019-9022)\n\n* php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)\n\n* php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)\n\n* php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)\n\n* php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)\n\n* php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)\n\n* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2020:1624",
"modified": "2020-04-28T08:57:41Z",
"published": "2020-04-28T08:57:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2020-1624.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-20783"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-11034"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-11035"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-11036"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-11039"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-11040"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-11041"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-11042"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9020"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9021"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9022"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9023"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9024"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9637"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9638"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9639"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9640"
}
],
"related": [
"CVE-2019-9020",
"CVE-2019-9637",
"CVE-2019-9638",
"CVE-2019-9639",
"CVE-2019-9640",
"CVE-2019-11039",
"CVE-2019-11040",
"CVE-2018-20783",
"CVE-2019-9021",
"CVE-2019-9022",
"CVE-2019-9023",
"CVE-2019-9024",
"CVE-2019-11034",
"CVE-2019-11035",
"CVE-2019-11036",
"CVE-2019-11041",
"CVE-2019-11042"
],
"summary": "Moderate: php:7.2 security, bug fix, and enhancement update"
}
CVE-2019-9020 (GCVE-0-2019-9020)
Vulnerability from cvelistv5 – Published: 2019-02-22 23:00 – Updated: 2024-08-04 21:31
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77249"
},
{
"name": "USN-3902-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "107156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107156"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77249"
},
{
"name": "USN-3902-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "107156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107156"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=77249",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77249"
},
{
"name": "USN-3902-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "DSA-4398",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "107156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107156"
},
{
"name": "https://bugs.php.net/bug.php?id=77242",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77242"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190321-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "openSUSE-SU-2019:1256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9020",
"datePublished": "2019-02-22T23:00:00.000Z",
"dateReserved": "2019-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:31:37.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11035 (GCVE-0-2019-11035)
Vulnerability from cvelistv5 – Published: 2019-04-18 16:57 – Updated: 2024-09-17 03:43
- CWE-125 - Out-of-bounds Read
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77831"
},
{
"name": "USN-3953-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.1.28",
"status": "affected",
"version": "7.1.x",
"versionType": "custom"
},
{
"lessThan": "7.2.17",
"status": "affected",
"version": "7.2.x",
"versionType": "custom"
},
{
"lessThan": "7.3.4",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Found by OSS-Fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13938"
}
],
"datePublic": "2019-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:28.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77831"
},
{
"name": "USN-3953-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"source": {
"advisory": "https://www.php.net/ChangeLog-7.php#7.1.28",
"defect": [
"https://bugs.php.net/bug.php?id=77831"
],
"discovery": "INTERNAL"
},
"title": "Heap over-read in PHP EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-04-01T11:44:00.000Z",
"ID": "CVE-2019-11035",
"STATE": "PUBLIC",
"TITLE": "Heap over-read in PHP EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.1.x",
"version_value": "7.1.28"
},
{
"version_affected": "\u003c",
"version_name": "7.2.x",
"version_value": "7.2.17"
},
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.4"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Found by OSS-Fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13938"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=77831",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77831"
},
{
"name": "USN-3953-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"name": "https://support.f5.com/csp/article/K44590877",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
},
"source": {
"advisory": "https://www.php.net/ChangeLog-7.php#7.1.28",
"defect": [
"https://bugs.php.net/bug.php?id=77831"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11035",
"datePublished": "2019-04-18T16:57:00.996Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:08.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11040 (GCVE-0-2019-11040)
Vulnerability from cvelistv5 – Published: 2019-06-18 23:28 – Updated: 2024-09-16 17:23
- CWE-125 - Out-of-bounds Read
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77988"
},
{
"name": "openSUSE-SU-2019:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.30"
},
{
"status": "affected",
"version": "7.2.19"
},
{
"status": "affected",
"version": "7.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "By orestiskourides at gmail dot com"
}
],
"datePublic": "2019-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:33.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=77988"
},
{
"name": "openSUSE-SU-2019:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=77988"
],
"discovery": "EXTERNAL"
},
"title": "Heap buffer overflow in EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-05-28T06:49:00.000Z",
"ID": "CVE-2019-11040",
"STATE": "PUBLIC",
"TITLE": "Heap buffer overflow in EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.30"
},
{
"version_value": "7.2.19"
},
{
"version_value": "7.3.6"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "By orestiskourides at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=77988",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=77988"
},
{
"name": "openSUSE-SU-2019:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=77988"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11040",
"datePublished": "2019-06-18T23:28:28.320Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:23:01.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11039 (GCVE-0-2019-11039)
Vulnerability from cvelistv5 – Published: 2019-06-18 23:28 – Updated: 2024-09-17 00:21
- CWE-125 - Out-of-bounds Read
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=78069"
},
{
"name": "openSUSE-SU-2019:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.30"
},
{
"status": "affected",
"version": "7.2.19"
},
{
"status": "affected",
"version": "7.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "By maris dot adam at gmail dot com"
}
],
"datePublic": "2019-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:18.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=78069"
},
{
"name": "openSUSE-SU-2019:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78069"
],
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds read in iconv.c",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-05-28T06:49:00.000Z",
"ID": "CVE-2019-11039",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds read in iconv.c"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.30"
},
{
"version_value": "7.2.19"
},
{
"version_value": "7.3.6"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "By maris dot adam at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=78069",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=78069"
},
{
"name": "openSUSE-SU-2019:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=78069"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11039",
"datePublished": "2019-06-18T23:28:28.280Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:46.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9021 (GCVE-0-2019-9021)
Vulnerability from cvelistv5 – Published: 2019-02-22 23:00 – Updated: 2024-08-04 21:31
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3902-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77247"
},
{
"name": "107156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107156"
},
{
"name": "106747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106747"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3902-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77247"
},
{
"name": "107156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107156"
},
{
"name": "106747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106747"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3902-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "DSA-4398",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "https://bugs.php.net/bug.php?id=77247",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77247"
},
{
"name": "107156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107156"
},
{
"name": "106747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106747"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190321-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "openSUSE-SU-2019:1256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9021",
"datePublished": "2019-02-22T23:00:00.000Z",
"dateReserved": "2019-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:31:37.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9024 (GCVE-0-2019-9024)
Vulnerability from cvelistv5 – Published: 2019-02-22 23:00 – Updated: 2024-08-04 21:38- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:45.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3902-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "107156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107156"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77380"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3902-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "107156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107156"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77380"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3902-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "DSA-4398",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "107156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107156"
},
{
"name": "https://bugs.php.net/bug.php?id=77380",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77380"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190321-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "openSUSE-SU-2019:1256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9024",
"datePublished": "2019-02-22T23:00:00.000Z",
"dateReserved": "2019-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:38:45.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9022 (GCVE-0-2019-9022)
Vulnerability from cvelistv5 – Published: 2019-02-22 23:00 – Updated: 2024-08-04 21:31- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77369"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T21:06:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77369"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4398",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "USN-3902-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "https://bugs.php.net/bug.php?id=77369",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77369"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190321-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "https://www.tenable.com/security/tns-2019-07",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9022",
"datePublished": "2019-02-22T23:00:00.000Z",
"dateReserved": "2019-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:31:37.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9638 (GCVE-0-2019-9638)
Vulnerability from cvelistv5 – Published: 2019-03-08 23:00 – Updated: 2024-08-04 21:54- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4403",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77563"
},
{
"name": "USN-3922-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note-\u003eoffset relationship to value_len."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4403",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77563"
},
{
"name": "USN-3922-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note-\u003eoffset relationship to value_len."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4403",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"name": "https://bugs.php.net/bug.php?id=77563",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77563"
},
{
"name": "USN-3922-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9638",
"datePublished": "2019-03-08T23:00:00.000Z",
"dateReserved": "2019-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:45.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9637 (GCVE-0-2019-9637)
Vulnerability from cvelistv5 – Published: 2019-03-08 23:00 – Updated: 2024-08-04 21:54- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4403",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77630"
},
{
"name": "USN-3922-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K53825211"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T21:06:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4403",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77630"
},
{
"name": "USN-3922-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K53825211"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4403",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"name": "https://bugs.php.net/bug.php?id=77630",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77630"
},
{
"name": "USN-3922-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "https://support.f5.com/csp/article/K53825211",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K53825211"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "https://www.tenable.com/security/tns-2019-07",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9637",
"datePublished": "2019-03-08T23:00:00.000Z",
"dateReserved": "2019-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:45.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9639 (GCVE-0-2019-9639)
Vulnerability from cvelistv5 – Published: 2019-03-08 23:00 – Updated: 2024-08-04 21:54
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4403",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77659"
},
{
"name": "USN-3922-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4403",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77659"
},
{
"name": "USN-3922-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4403",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"name": "https://bugs.php.net/bug.php?id=77659",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77659"
},
{
"name": "USN-3922-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9639",
"datePublished": "2019-03-08T23:00:00.000Z",
"dateReserved": "2019-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:45.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11041 (GCVE-0-2019-11041)
Vulnerability from cvelistv5 – Published: 2019-08-09 19:26 – Updated: 2024-09-16 19:31
- CWE-125 - Out-of-bounds Read
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=78222"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.x below 7.1.31"
},
{
"status": "affected",
"version": "7.2.x below 7.2.21"
},
{
"status": "affected",
"version": "7.3.x below 7.3.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "By orestiskourides at gmail dot com"
}
],
"datePublic": "2019-07-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:06:35.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=78222"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78222"
],
"discovery": "EXTERNAL"
},
"title": "heap-buffer-overflow on exif_scan_thumbnail in EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-07-30T03:21:00.000Z",
"ID": "CVE-2019-11041",
"STATE": "PUBLIC",
"TITLE": "heap-buffer-overflow on exif_scan_thumbnail in EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.x below 7.1.31"
},
{
"version_value": "7.2.x below 7.2.21"
},
{
"version_value": "7.3.x below 7.3.8"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "By orestiskourides at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=78222",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=78222"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190822-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"name": "https://support.apple.com/kb/HT210634",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"name": "https://support.apple.com/kb/HT210722",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=78222"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11041",
"datePublished": "2019-08-09T19:26:34.152Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:31:07.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20783 (GCVE-0-2018-20783)
Vulnerability from cvelistv5 – Published: 2019-02-21 19:00 – Updated: 2024-08-05 12:12
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:28.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://php.net/ChangeLog-7.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77143"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "USN-3566-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3566-2/"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://php.net/ChangeLog-7.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77143"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "USN-3566-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3566-2/"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "MISC",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "http://php.net/ChangeLog-7.php",
"refsource": "MISC",
"url": "http://php.net/ChangeLog-7.php"
},
{
"name": "https://bugs.php.net/bug.php?id=77143",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77143"
},
{
"name": "openSUSE-SU-2019:1256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "USN-3566-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3566-2/"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20783",
"datePublished": "2019-02-21T19:00:00.000Z",
"dateReserved": "2019-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:12:28.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11034 (GCVE-0-2019-11034)
Vulnerability from cvelistv5 – Published: 2019-04-18 16:57 – Updated: 2024-09-17 02:31
- CWE-125 - Out-of-bounds Read
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77753"
},
{
"name": "USN-3953-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.1.28",
"status": "affected",
"version": "7.1.x",
"versionType": "custom"
},
{
"lessThan": "7.2.17",
"status": "affected",
"version": "7.2.x",
"versionType": "custom"
},
{
"lessThan": "7.3.4",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Found by OSS-Fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13723"
}
],
"datePublic": "2019-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:20.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77753"
},
{
"name": "USN-3953-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"source": {
"advisory": "https://www.php.net/ChangeLog-7.php#7.1.28",
"defect": [
"https://bugs.php.net/bug.php?id=77753"
],
"discovery": "INTERNAL"
},
"title": "Heap over-read in PHP EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-04-01T11:44:00.000Z",
"ID": "CVE-2019-11034",
"STATE": "PUBLIC",
"TITLE": "Heap over-read in PHP EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.1.x",
"version_value": "7.1.28"
},
{
"version_affected": "\u003c",
"version_name": "7.2.x",
"version_value": "7.2.17"
},
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.4"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Found by OSS-Fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13723"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=77753",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77753"
},
{
"name": "USN-3953-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"name": "https://support.f5.com/csp/article/K44590877",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
},
"source": {
"advisory": "https://www.php.net/ChangeLog-7.php#7.1.28",
"defect": [
"https://bugs.php.net/bug.php?id=77753"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11034",
"datePublished": "2019-04-18T16:57:00.954Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:25.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9023 (GCVE-0-2019-9023)
Vulnerability from cvelistv5 – Published: 2019-02-22 23:00 – Updated: 2024-08-04 21:38
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:45.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3902-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77418"
},
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77371"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "107156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107156"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77370"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77385"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77394"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77381"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K06372014"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3902-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77418"
},
{
"name": "DSA-4398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77371"
},
{
"name": "USN-3902-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "107156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107156"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77370"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77385"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77394"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77381"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K06372014"
},
{
"name": "openSUSE-SU-2019:1256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3902-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3902-2/"
},
{
"name": "https://bugs.php.net/bug.php?id=77382",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77382"
},
{
"name": "https://bugs.php.net/bug.php?id=77418",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77418"
},
{
"name": "DSA-4398",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4398"
},
{
"name": "https://bugs.php.net/bug.php?id=77371",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77371"
},
{
"name": "USN-3902-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3902-1/"
},
{
"name": "107156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107156"
},
{
"name": "https://bugs.php.net/bug.php?id=77370",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77370"
},
{
"name": "https://bugs.php.net/bug.php?id=77385",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77385"
},
{
"name": "https://bugs.php.net/bug.php?id=77394",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77394"
},
{
"name": "https://bugs.php.net/bug.php?id=77381",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77381"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190321-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190321-0001/"
},
{
"name": "https://support.f5.com/csp/article/K06372014",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K06372014"
},
{
"name": "openSUSE-SU-2019:1256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html"
},
{
"name": "openSUSE-SU-2019:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9023",
"datePublished": "2019-02-22T23:00:00.000Z",
"dateReserved": "2019-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:38:45.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11036 (GCVE-0-2019-11036)
Vulnerability from cvelistv5 – Published: 2019-05-03 19:28 – Updated: 2024-09-16 22:30
- CWE-126 - Buffer Over-read
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77950"
},
{
"name": "108177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108177"
},
{
"name": "FEDORA-2019-6350c4e21a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3/"
},
{
"name": "FEDORA-2019-6e325234a4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO/"
},
{
"name": "FEDORA-2019-bab3944fee",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190517-0003/"
},
{
"name": "USN-3566-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3566-2/"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "USN-4009-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4009-1/"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.1.29",
"status": "affected",
"version": "7.1.x",
"versionType": "custom"
},
{
"lessThan": "7.2.18",
"status": "affected",
"version": "7.2.x",
"versionType": "custom"
},
{
"lessThan": "7.3.5",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by OSS-fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14050"
}
],
"datePublic": "2019-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:32.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77950"
},
{
"name": "108177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108177"
},
{
"name": "FEDORA-2019-6350c4e21a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3/"
},
{
"name": "FEDORA-2019-6e325234a4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO/"
},
{
"name": "FEDORA-2019-bab3944fee",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190517-0003/"
},
{
"name": "USN-3566-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3566-2/"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "USN-4009-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4009-1/"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=77950"
],
"discovery": "INTERNAL"
},
"title": "Heap over-read in PHP EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-04-30T14:06:00.000Z",
"ID": "CVE-2019-11036",
"STATE": "PUBLIC",
"TITLE": "Heap over-read in PHP EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.1.x",
"version_value": "7.1.29"
},
{
"version_affected": "\u003c",
"version_name": "7.2.x",
"version_value": "7.2.18"
},
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.5"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by OSS-fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14050"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126 Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=77950",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77950"
},
{
"name": "108177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108177"
},
{
"name": "FEDORA-2019-6350c4e21a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3/"
},
{
"name": "FEDORA-2019-6e325234a4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO/"
},
{
"name": "FEDORA-2019-bab3944fee",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190517-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190517-0003/"
},
{
"name": "USN-3566-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3566-2/"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "USN-4009-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4009-1/"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=77950"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11036",
"datePublished": "2019-05-03T19:28:15.566Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:30:46.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11042 (GCVE-0-2019-11042)
Vulnerability from cvelistv5 – Published: 2019-08-09 19:26 – Updated: 2024-09-17 02:15
- CWE-125 - Out-of-bounds Read
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=78256"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.x below 7.1.31"
},
{
"status": "affected",
"version": "7.2.x below 7.2.21"
},
{
"status": "affected",
"version": "7.3.x below 7.3.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "By orestiskourides at gmail dot com"
}
],
"datePublic": "2019-07-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:06:23.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=78256"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78256"
],
"discovery": "EXTERNAL"
},
"title": "heap-buffer-overflow on exif_process_user_comment in EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-07-30T03:21:00.000Z",
"ID": "CVE-2019-11042",
"STATE": "PUBLIC",
"TITLE": "heap-buffer-overflow on exif_process_user_comment in EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.x below 7.1.31"
},
{
"version_value": "7.2.x below 7.2.21"
},
{
"version_value": "7.3.x below 7.3.8"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "By orestiskourides at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=78256",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=78256"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190822-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"name": "https://support.apple.com/kb/HT210634",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"name": "https://support.apple.com/kb/HT210722",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=78256"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11042",
"datePublished": "2019-08-09T19:26:34.193Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:15:56.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9640 (GCVE-0-2019-9640)
Vulnerability from cvelistv5 – Published: 2019-03-08 23:00 – Updated: 2024-08-04 21:54
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4403",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77540"
},
{
"name": "USN-3922-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4403",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77540"
},
{
"name": "USN-3922-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4403",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4403"
},
{
"name": "https://bugs.php.net/bug.php?id=77540",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77540"
},
{
"name": "USN-3922-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-1/"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
},
{
"name": "USN-3922-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-2/"
},
{
"name": "USN-3922-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3922-3/"
},
{
"name": "openSUSE-SU-2019:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0007/"
},
{
"name": "openSUSE-SU-2019:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9640",
"datePublished": "2019-03-08T23:00:00.000Z",
"dateReserved": "2019-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:45.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.