Description

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.

Remediation

References

CVE-2019-9022

Related Vulnerabilities

Squid Integer Overflow or Wraparound Vulnerability (CVE-2021-31807)

WordPress Plugin GD Rating System Multiple Vulnerabilities (2.3)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.38)

WordPress 4.5.x Arbitrary File Deletion Vulnerability (4.5 - 4.5.14)

WordPress Plugin Form for WordPress-Zoho Forms Cross-Site Scripting (3.0)

Severity

High

Classification

CVE-2019-9022 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities