The vulnerability of the xmlrpc_decode() function, a part of the XMLRPC interpreter for the PHP programming language, relates to the reading of data beyond the buffer memory boundary, allowing attackers to gain access to confidential data.

The xmlrpc_decode function in PHP XMLRPC has a buffer overread, enabling remote access to confidential data.

Reporter	Title	Published	Views	Family All 149
IBM Security Bulletins	Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabiltiies in PHP.	27 Jan 202016:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP	3 Mar 202002:43	–	ibm
AlpineLinux	CVE-2019-9024	22 Feb 201923:00	–	alpinelinux
AlmaLinux	Moderate: php:7.2 security, bug fix, and enhancement update	28 Apr 202008:57	–	almalinux
Tenable Nessus	CentOS 8 : php:7.2 (CESA-2020:1624)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : php (RHSA-2020:1112)	10 Apr 202000:00	–	nessus
Tenable Nessus	Debian DSA-4398-1 : php7.0 - security update	1 Mar 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : php (EulerOS-SA-2019-1100)	26 Mar 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-1120)	2 Apr 201900:00	–	nessus

Vulners

Node

php_group phpRange<5.6.40

php_group phpRange7.2.0–7.2.14

php_group phpRange7.3.0–7.3.1

php_group phpRange7.0.0–7.1.26

Source	Link
bugs	www.bugs.php.net/bug.php
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-9024
security-tracker	www.security-tracker.debian.org/tracker/CVE-2019-9024
suse	www.suse.com/support/update/announcement/2019/suse-su-201914013-1/
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
web	www.web.nvd.nist.gov/view/vuln/detail

30 Sep 2024 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 25

CVSS 37.5

EPSS0.13719