Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9025)

Description

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.

Remediation

References

Related Vulnerabilities

Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971)

WordPress Plugin Basic Google Maps Placemarks Cross-Site Scripting (1.10.2)

WordPress Plugin Bulk Delete Users by Email Cross-Site Request Forgery (1.0)

WordPress Plugin Cryptocurrency Widgets Pack SQL Injection (1.8.1)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9457)

Severity

Critical

Classification

CVE-2019-9025 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities