HannoH1:477897

HistoryJan 11, 2019 - 10:11 a.m.

Vulners
/
Hackerone
/
Internet Bug Bounty: buffer overread in base64 code of the xmlrpc module

Internet Bug Bounty: buffer overread in base64 code of the xmlrpc module

2019-01-1110:11:55

hanno

hackerone.com

$500

0.011 Low

EPSS

Percentile

84.8%

JSON

Malformed input to the xmlrpc_decode function can cause an out of bounds read in the base64 code.

This is fixed in the latest updates of PHP (7.3.1 etc.)

Report:
https://bugs.php.net/bug.php?id=77380

Impact

If the attacker has access to the decoded output this may leak memory contents.

prion 1

alpinelinux 1

ubuntucve 1

osv 5

cve 1

redhatcve 1

veracode 1

cvelist 1

nvd 1

debiancve 1

openvas 20

nessus 38

redhat 4

ubuntu 2

centos 1

debian 1

oraclelinux 2

suse 4

ibm 3

almalinux 1

rocky 1

rosalinux 1

prion

Design/Logic Flaw

2019-02-22 23:29:00

alpinelinux

CVE-2019-9024

2019-02-22 23:29:00

ubuntucve

CVE-2019-9024

2019-02-22 00:00:00

osv

CVE-2019-9024

2019-02-22 23:29:00

php7.0 - security update

2019-02-28 00:00:00

php5 - security update

2019-02-16 00:00:00

cve

CVE-2019-9024

2019-02-22 23:29:00

redhatcve

CVE-2019-9024

2020-03-15 19:46:40

veracode

Information Disclosure

2019-08-20 00:10:43

cvelist

CVE-2019-9024

2019-02-22 23:00:00

nvd

CVE-2019-9024

2019-02-22 23:29:00

debiancve

CVE-2019-9024

2019-02-22 23:29:00

openvas

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1264)

2020-01-23 00:00:00

Ubuntu: Security Advisory (USN-3902-2)

2022-08-26 00:00:00

Debian: Security Advisory (DSA-4398-1)

2019-02-27 00:00:00

nessus

EulerOS Virtualization 2.5.3 : php (EulerOS-SA-2019-1264)

2019-04-04 00:00:00

NewStart CGSL CORE 5.04 / MAIN 5.04 : php Multiple Vulnerabilities (NS-SA-2020-0059)

2020-12-09 00:00:00

CentOS 7 : php (CESA-2020:1112)

2020-04-10 00:00:00

redhat

(RHSA-2020:1112) Moderate: php security update

2020-03-31 09:20:14

(RHSA-2020:1624) Moderate: php:7.2 security, bug fix, and enhancement update

2020-04-28 08:57:54

(RHSA-2019:3299) Critical: rh-php72-php security update

2019-11-01 12:22:19

ubuntu

PHP vulnerabilities

2019-03-12 00:00:00

PHP vulnerabilities

2019-03-06 00:00:00

centos

php security update

2020-04-08 19:04:38

debian

[SECURITY] [DSA 4398-1] php7.0 security update

2019-02-28 22:04:23

oraclelinux

php security update

2020-04-06 00:00:00

php:7.2 security, bug fix, and enhancement update

2020-05-05 00:00:00

suse

Security update for php5 (moderate)

2019-04-23 00:00:00

Security update for php7 (moderate)

2019-04-29 00:00:00

Security update for php7 (moderate)

2019-06-18 00:00:00

ibm

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabiltiies in PHP.

2020-01-27 16:55:56

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP

2023-12-07 22:45:07

Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP

2020-03-03 02:43:43

almalinux

Moderate: php:7.2 security, bug fix, and enhancement update

2020-04-28 08:57:54

rocky

php:7.2 security, bug fix, and enhancement update

2020-04-28 08:57:54

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.011 Low

EPSS

Percentile

84.8%

JSON

Related for H1:477897