Description

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

Remediation

References

CVE-2019-9024

Related Vulnerabilities

WordPress Plugin SB Welcome Email Editor Unspecified Vulnerability (4.1)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3271)

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.3)

WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-1000867)

phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4825)

Severity

High

Classification

CVE-2019-9024 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities