PT-2019-4190 · Pear+1 · Pear Archive Tar+1

Ayesh Karunaratne · Published 2019-01-16 · Updated 2019-12-02 · CVE-2019-6338

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Drupal Core versions 7.x prior to 7.62
Drupal Core versions 8.5.x prior to 8.5.9
Drupal Core versions 8.6.x prior to 8.6.6

Description

Drupal Core uses the PEAR Archive Tar library, which has received a security update that affects some Drupal configurations. The vulnerability is a deserialization of untrusted data, which can allow a remote attacker to execute arbitrary code.

Recommendations

For Drupal Core version 7.x, update to version 7.62 or later.
For Drupal Core version 8.5.x, update to version 8.5.9 or later.
For Drupal Core version 8.6.x, update to version 8.6.6 or later.

Exploit

Fix

Deserialization of Untrusted Data


Weakness Enumeration

Related identifiers

BDU:2019-04786
CVE-2019-6338
DLA-1685-1
DRUPAL-CORE-2019-001
DSA-4370-1
GHSA-6RMQ-X2HV-VXPP

Affected products

Drupal Core
Pear Archive Tar