PT-2019-19314 · Php · Php

Hugh Davenport

Publicado

2019-01-10

Atualizado

2021-07-21

CVE-2019-9025

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHP versions prior to 7.3.1

Description An issue was discovered where an invalid multibyte string supplied as an argument to the mb split() function can cause PHP to execute memcpy() with a negative argument. This could result in reading and writing past buffers allocated for the data.

Recommendations For PHP versions prior to 7.3.1, update to version 7.3.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the mb split() function with unvalidated input until a patch is applied.

Exploit

Correção

Out of bounds Read

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-787

Identificadores relacionados

CVE-2019-9025

Produtos afetados

Php

PT-2019-19314 · Php · Php

CVE-2019-9025

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6