Ubuntu.comUB:CVE-2019-9023CVE-2019-9023
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.4%
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x
before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer
over-read instances are present in mbstring regular expression functions
when supplied with invalid multibyte data. These occur in
ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c,
ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c,
and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular
expression pattern contains invalid multibyte sequences.
Bugs
- <https://bugs.php.net/bug.php?id=77370>
- <https://bugs.php.net/bug.php?id=77371>
- <https://bugs.php.net/bug.php?id=77381>
- <https://bugs.php.net/bug.php?id=77382>
- <https://bugs.php.net/bug.php?id=77385>
- <https://bugs.php.net/bug.php?id=77394>
- <https://bugs.php.net/bug.php?id=77418>
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.4%