PHP 'ext/mbstring/oniguruma/regparse.c' Heap Buffer Overflow Vulnerability
BID:106765
Info
| Bugtraq ID: | 106765 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 29 2018 12:00AM |
| Updated: | Dec 29 2018 12:00AM |
| Credit: | hugh |
| Vulnerable: | PHP 7.3, PHP 7.2.13, PHP 7.2.12, PHP 7.2.8, PHP 7.2.7, PHP 7.2.6, PHP 7.2.5, PHP 7.2.4, PHP 7.2.3, PHP 7.2.2, PHP 7.2.1, PHP 7.2, PHP 7.1.25, PHP 7.1.24, PHP 7.1.20, PHP 7.1.17, PHP 7.1.16, PHP 7.1.13, PHP 7.1.12, PHP 7.1.11, PHP 7.1.9, PHP 7.1.8, PHP 7.1.7, PHP 7.1.6, PHP 7.1.5, PHP 7.1.4, PHP 7.1.1, PHP 7.1, PHP 7.0.33, PHP 5.6.39, PHP 5.6.38, PHP 5.6.37, PHP 5.6.36, PHP 5.6.35, PHP 5.6.33, PHP 5.6.32, PHP 5.6.31, PHP 5.6.30, PHP 5.6.29, PHP 5.6.27, PHP 5.6.22, PHP 5.6.21, PHP 5.6.20, PHP 5.6.19, PHP 5.6.18, PHP 5.6.17, PHP 5.6.13, PHP 5.6.12, PHP 5.6.11, PHP 5.6.5, PHP 5.6.4, PHP 5.6.1, PHP 7.1.3, PHP 7.1.2, PHP 7.1.14, PHP 5.6.9, PHP 5.6.8 RC1, PHP 5.6.8, PHP 5.6.7, PHP 5.6.6, PHP 5.6.34, PHP 5.6.3, PHP 5.6.28, PHP 5.6.26, PHP 5.6.25, PHP 5.6.24, PHP 5.6.23, PHP 5.6.2, PHP 5.6.14, PHP 5.6.10 |
| Not Vulnerable: | PHP 7.3.1, PHP 7.2.14, PHP 7.1.26, PHP 5.6.40 |
Discussion
PHP CVE-2019-9023 Multiple Heap Buffer Overflow Vulnerabilities
PHP is prone to multiple heap-based buffer-overflow vulnerabilities.
Successfully exploiting these issues allows attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
PHP versions prior to 7.3.1, 7.2.14, 7.1.26, and 5.6.40 are vulnerable.
Exploit / POC
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References