An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

The product reads data past the end, or before the beginning, of the intended buffer.

Name | Vendor | Start Version | End Version |
---|---|---|---|
PHP | PHP | * | 5.6.40 (excluding) |
PHP | PHP | 7.0.0 (including) | 7.1.26 (excluding) |
PHP | PHP | 7.2.0 (including) | 7.2.14 (excluding) |
PHP | PHP | 7.3.0 (including) | 7.3.1 (excluding) |
Red Hat Enterprise Linux 7 | RedHat | php-0:5.4.16-48.el7 | * |
Red Hat Enterprise Linux 8 | RedHat | php:7.2-8020020191108065827.2c7ca891 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-php71-php-0:7.1.30-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-php72-php-0:7.2.24-1.el7 | * |
Php5 | Ubuntu | trusty | * |
Php7.0 | Ubuntu | xenial | * |
Php7.2 | Ubuntu | bionic | * |
Php7.2 | Ubuntu | cosmic | * |
Php7.2 | Ubuntu | devel | * |
Php7.2 | Ubuntu | upstream | * |
Php7.3 | Ubuntu | upstream | * |