Severity: 7.5 HIGH (NVD), 9.8 (OSV)
EPSS: 8.2% (top 7.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 22; Latest update Jan 27

Description

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD | php/php | 7.0.0 | 7.1.26 | +2
Ubuntu | php5/php5 | < 5.5.9+dfsg-1ubuntu4.29 | +1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04

🔴 Vulnerability Details (4)

GHSA (2022-05-14): GHSA-wvv6-mrff-rp8j: An issue was discovered in PHP 7
OSV (2019-04-23): php5 vulnerabilities
OSV (2019-03-06): php5, php7.0 vulnerabilities
OSV (2019-02-22): CVE-2019-9022: An issue was discovered in PHP 7

💥 Exploits & PoCs (1)

Exploit-DB (2019-12-05): Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution

📋 Vendor Advisories (5)

CISA ICS (2026-01-27): Festo Didactic SE MES PC
Ubuntu (2019-04-25): PHP vulnerabilities
Ubuntu (2019-04-23): PHP vulnerabilities
Ubuntu (2019-03-06): PHP vulnerabilities
Red Hat (2018-12-29): php: memcpy with negative length via crafted DNS response

💬 Community (1)

Bugzilla (2019-03-05): CVE-2019-9022 php: memcpy with negative length via crafted DNS response