Memory corruption

2019-12-2303:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

71.6%

JSON

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren’t ASCII numbers. This can read to disclosure of the content of some memory locations.

CPENameOperatorVersion
ubuntu_linuxeq18.04
ubuntu_linuxeq19.04
ubuntu_linuxeq14.04
ubuntu_linuxeq19.10
ubuntu_linuxeq16.04
ubuntu_linuxeq12.04
debian_linuxeq8.0
debian_linuxeq9.0
debian_linuxeq10.0
fedoraeq30

Name	Operator	Version
ubuntu_linux	eq	18.04
ubuntu_linux	eq	19.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	19.10
ubuntu_linux	eq	16.04
ubuntu_linux	eq	12.04
debian_linux	eq	8.0
debian_linux	eq	9.0
debian_linux	eq	10.0
fedora	eq	30