PHP CVE-2019-9023 Multiple Heap Buffer Overflow Vulnerabilities



PHP is prone to multiple heap-based buffer-overflow vulnerabilities.

Successfully exploiting these issues allow attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
PHP versions prior to 7.3.1, 7.2.14, 7.1.26, 5.6.40 are vulnerable.

Information

Bugtraq ID: 106765
Class: Failure to Handle Exceptional Conditions
CVE:
Remote: Yes
Local: No
Published: Dec 29 2018 12:00AM
Updated: Dec 29 2018 12:00AM
Credit: hugh
Vulnerable: PHP PHP 7.3
PHP PHP 7.2.13
PHP PHP 7.2.12
PHP PHP 7.2.8
PHP PHP 7.2.7
PHP PHP 7.2.6
PHP PHP 7.2.5
PHP PHP 7.2.4
PHP PHP 7.2.3
PHP PHP 7.2.2
PHP PHP 7.2.1
PHP PHP 7.2
PHP PHP 7.1.25
PHP PHP 7.1.24
PHP PHP 7.1.20
PHP PHP 7.1.17
PHP PHP 7.1.16
PHP PHP 7.1.13
PHP PHP 7.1.12
PHP PHP 7.1.11
PHP PHP 7.1.9
PHP PHP 7.1.8
PHP PHP 7.1.7
PHP PHP 7.1.6
PHP PHP 7.1.5
PHP PHP 7.1.4
PHP PHP 7.1.1
PHP PHP 7.1
PHP PHP 7.0.33
PHP PHP 5.6.39
PHP PHP 5.6.38
PHP PHP 5.6.37
PHP PHP 5.6.36
PHP PHP 5.6.35
PHP PHP 5.6.33
PHP PHP 5.6.32
PHP PHP 5.6.31
PHP PHP 5.6.30
PHP PHP 5.6.29
PHP PHP 5.6.27
PHP PHP 5.6.22
PHP PHP 5.6.21
PHP PHP 5.6.20
PHP PHP 5.6.19
PHP PHP 5.6.18
PHP PHP 5.6.17
PHP PHP 5.6.13
PHP PHP 5.6.12
PHP PHP 5.6.11
PHP PHP 5.6.5
PHP PHP 5.6.4
PHP PHP 5.6.1
PHP PHP 7.2
PHP PHP 7.1.3
PHP PHP 7.1.2
PHP PHP 7.1.14
PHP PHP 5.6.9
PHP PHP 5.6.8 RC1
PHP PHP 5.6.8
PHP PHP 5.6.7
PHP PHP 5.6.6
PHP PHP 5.6.34
PHP PHP 5.6.3
PHP PHP 5.6.28
PHP PHP 5.6.26
PHP PHP 5.6.25
PHP PHP 5.6.24
PHP PHP 5.6.23
PHP PHP 5.6.2
PHP PHP 5.6.14
PHP PHP 5.6.10


Not Vulnerable: PHP PHP 7.3.1
PHP PHP 7.2.14
PHP PHP 7.1.26
PHP PHP 5.6.40


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Source: www.securityfocus.com
Related Posts