WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Use After Free Vulnerability (CVE-2019-9020)

Description

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.

Remediation

References

Related Vulnerabilities

WordPress Plugin Web Application Firewall-website security Unspecified Vulnerability (2.1.2)

WordPress Plugin FreeMind WP Browser Cross-Site Request Forgery (1.2)

WordPress Plugin Uncanny Toolkit for LearnDash Cross-Site Request Forgery (3.6.4.1)

WordPress Plugin TableOn-WordPress Posts Table Filterable Cross-Site Scripting (1.0.0)

Apache 2.x version older than 2.0.43

Severity

Critical

Classification

CVE-2019-9020 CWE-416 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities