Description

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

Remediation

References

CVE-2019-9024

Related Vulnerabilities

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-2679)

GlassFish CVE-2017-3247 Vulnerability (CVE-2017-3247)

WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.2)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-16780)

PHP Configuration Vulnerability (CVE-2008-5844)

Severity

High

Classification

CVE-2019-9024 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities