Lucene search

K

MitreCVELIST:CVE-2019-9021

HistoryFeb 22, 2019 - 11:00 p.m.

CVE-2019-9021

2019-02-2223:00:00

mitre

www.cve.org

8.7 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.0%

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html

www.securityfocus.com/bid/106747

www.securityfocus.com/bid/107156

access.redhat.com/errata/RHSA-2019:2519

access.redhat.com/errata/RHSA-2019:3299

bugs.php.net/bug.php?id=77247

security.netapp.com/advisory/ntap-20190321-0001/

usn.ubuntu.com/3902-1/

usn.ubuntu.com/3902-2/

www.debian.org/security/2019/dsa-4398

8.7 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.0%

Related for CVELIST:CVE-2019-9021

alpinelinux2 prion2 nvd2 f51 cve2 debiancve2 redhatcve2 ubuntucve2 osv8 nessus45 openvas26 veracode2 hackerone2 cvelist1 suse4 ubuntu3 debian1 oraclelinux1 almalinux1 rocky1 ibm1 redhat3 rosalinux1