Description

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.

Remediation

References

CVE-2019-9025

Related Vulnerabilities

WordPress Plugin All-in-One Event Calendar Multiple Cross-Site Scripting Vulnerabilities (1.5)

WordPress Plugin Coming Soon, Under Construction & Maintenance Mode By Dazzler Cross-Site Scripting (1.6.6)

WordPress Plugin ImageBoss-Images Up To 60% Smaller & CDN Cross-Site Scripting (3.0.4)

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10152)

Squid Improper Input Validation Vulnerability (CVE-2021-31808)

Severity

Critical

Classification

CVE-2019-9025 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities