Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

See the

CVE page on Mitre.org for more details.

References

BID: 107156
CONFIRM: https://security.netap...
CONFIRM: https://support.f5.com...
DEBIAN: DSA-4398
MISC: https://bugs.php.net/b...
MISC: https://bugs.php.net/b...
MISC: https://bugs.php.net/b...
MISC: https://bugs.php.net/b...
MISC: https://bugs.php.net/b...
MISC: https://bugs.php.net/b...
MISC: https://bugs.php.net/b...
SUSE: openSUSE-SU-2019:1256
SUSE: openSUSE-SU-2019:1293
SUSE: openSUSE-SU-2019:1572
SUSE: openSUSE-SU-2019:1573
UBUNTU: USN-3902-1
UBUNTU: USN-3902-2
REDHAT: RHSA-2019:2519
REDHAT: RHSA-2019:3299

Launchpad.net

CVE 2019-9023

Related bugs

References