Description
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
Remediation
References
Related Vulnerabilities
WordPress Plugin SB Welcome Email Editor Unspecified Vulnerability (4.1)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3271)
WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.3)
phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4825)