Showing 1 - 6 of 6

CVE-2019-9021

Status Candidate

Overview

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.

Related Files

Red Hat Security Advisory 2020-1624-01: Posted Apr 28, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-1624-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, information leakage, integer overflow, and out of bounds read vulnerabilities.; tags | advisory, web, overflow, php, vulnerability; systems | linux, redhat; advisories | CVE-2018-20783, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640; MD5 | 654cda5bc83e59369a9511877f52d8d1; Download | Favorite | View

Red Hat Security Advisory 2019-3299-01: Posted Nov 1, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-3299-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and information leakage vulnerabilities.; tags | advisory, web, overflow, php, vulnerability; systems | linux, redhat; advisories | CVE-2016-10166, CVE-2018-20783, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11043, CVE-2019-6977, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640; MD5 | 0b3a743000a8d1ce9382590da63feba1; Download | Favorite | View

Red Hat Security Advisory 2019-2519-01: Posted Aug 19, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-2519-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.; tags | advisory, web, denial of service, overflow, php, vulnerability, xss; systems | linux, redhat; advisories | CVE-2016-10166, CVE-2017-12932, CVE-2017-16642, CVE-2017-9118, CVE-2017-9120, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549, CVE-2018-14851, CVE-2018-14884, CVE-2018-17082, CVE-2018-20783, CVE-2018-5711, CVE-2018-5712, CVE-2018-7584, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-6977, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022; MD5 | 78b5fcb3a3c8f8ee710500de6377153e; Download | Favorite | View

Ubuntu Security Notice USN-3902-2: Posted Mar 12, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3902-2 - USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, remote, denial of service, php; systems | linux, ubuntu; advisories | CVE-2019-9020, CVE-2019-9021, CVE-2019-9023, CVE-2019-9024; MD5 | 65357e37cae18068e3e84434235d1e1f; Download | Favorite | View

Ubuntu Security Notice USN-3902-1: Posted Mar 6, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3902-1 - It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that the PHP PHAR module incorrectly handled certain filenames. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that PHP incorrectly parsed certain DNS responses. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.; tags | advisory, remote, denial of service, php; systems | linux, ubuntu; advisories | CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024; MD5 | 9715d43e4e828f788c824aa665b39b95; Download | Favorite | View

Debian Security Advisory 4398-1: Posted Mar 1, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4398-1 - Multiple security issues were found in PHP, a widely-used open source accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record() function.; tags | advisory, php; systems | linux, debian; advisories | CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024; MD5 | 8c1bd1667e1294d949b291cba48d2f94; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 122 files
Ubuntu 47 files
malvuln 41 files
Google Security Research 9 files
Vulnerability Laboratory 7 files
LiquidWorm 6 files
Yvan Genuer 6 files
nu11secur1ty 6 files
twseptian 4 files
Ron Jost 4 files

File Archives

Systems

AIX (423)
Apple (1,853)
BSD (368)
CentOS (55)
Cisco (1,909)
Debian (5,947)
Fedora (1,690)
FreeBSD (1,241)
Gentoo (4,149)
HPUX (875)
iOS (310)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (41,373)
Mac OS X (682)
Mandriva (3,105)
NetBSD (255)
OpenBSD (476)
RedHat (10,981)
Slackware (941)
Solaris (1,601)
SUSE (1,444)
Ubuntu (7,592)
UNIX (9,014)
UnixWare (182)
Windows (6,263)
Other

CVE-2019-9021

Overview

Related Files

File Archive:

January 2022

Top Authors In Last 30 Days

File Tags

File Archives

Systems