Lucene search

[email protected]CVE-2019-9024

HistoryFeb 22, 2019 - 11:29 p.m.

CVE-2019-9024

2019-02-2223:29:00

CWE-125

[email protected]

web.nvd.nist.gov

1110

php

vulnerability

xmlrpc_decode

cve-2019-9024

nvd

memory

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.011 Low

EPSS

Percentile

84.5%

JSON

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

CPENameOperatorVersion
php:phpphplt7.2.14
php:phpphplt7.1.26
php:phpphplt5.6.40
php:phpphplt7.3.1
debian:debian_linuxdebian debian linuxeq9.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq16.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
netapp:storage_automation_storenetapp storage automation storeeq-
opensuse:leapopensuse leapeq42.3

CPE	Name	Operator	Version
php:php	php	lt	7.2.14
php:php	php	lt	7.1.26
php:php	php	lt	5.6.40
php:php	php	lt	7.3.1
debian:debian_linux	debian debian linux	eq	9.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	16.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
netapp:storage_automation_store	netapp storage automation store	eq	-
opensuse:leap	opensuse leap	eq	42.3