CVE-2019-9020
CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
Affected Platforms (CPE)
📦
Php
Php
< 5.6.40📦
Php
Php
>= 7.0.0 and < 7.1.26📦
Php
Php
>= 7.2.0 and < 7.2.14📦
Php
Php
>= 7.3.0 and < 7.3.1💻
Debian
Debian Linux
= 9.0💻
Canonical
Ubuntu Linux
= 12.04💻
Canonical
Ubuntu Linux
= 14.04💻
Canonical
Ubuntu Linux
= 16.04📦
Netapp
Storage Automation Store
All versions💻
Opensuse