Exploit h33

Published on February 27th, 2019 📆 | 5712 Views ⚑

0

PHP CVE-2019-9023 Multiple Heap Buffer Overflow Vulnerabilities

PHP is prone to multiple heap-based buffer-overflow vulnerabilities.

Successfully exploiting these issues allow attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
PHP versions prior to 7.3.1, 7.2.14, 7.1.26, 5.6.40 are vulnerable.

Information

Bugtraq ID: 106765
Class: Failure to Handle Exceptional Conditions
CVE:
Remote: Yes
Local: No
Published: Dec 29 2018 12:00AM
Updated: Dec 29 2018 12:00AM
Credit: hugh
Vulnerable: PHP PHP 7.3
PHP PHP 7.2.13
PHP PHP 7.2.12
PHP PHP 7.2.8
PHP PHP 7.2.7
PHP PHP 7.2.6
PHP PHP 7.2.5
PHP PHP 7.2.4
PHP PHP 7.2.3
PHP PHP 7.2.2
PHP PHP 7.2.1
PHP PHP 7.2
PHP PHP 7.1.25
PHP PHP 7.1.24
PHP PHP 7.1.20
PHP PHP 7.1.17
PHP PHP 7.1.16
PHP PHP 7.1.13
PHP PHP 7.1.12
PHP PHP 7.1.11
PHP PHP 7.1.9
PHP PHP 7.1.8
PHP PHP 7.1.7
PHP PHP 7.1.6
PHP PHP 7.1.5
PHP PHP 7.1.4
PHP PHP 7.1.1
PHP PHP 7.1
PHP PHP 7.0.33
PHP PHP 5.6.39
PHP PHP 5.6.38
PHP PHP 5.6.37
PHP PHP 5.6.36
PHP PHP 5.6.35
PHP PHP 5.6.33
PHP PHP 5.6.32
PHP PHP 5.6.31
PHP PHP 5.6.30
PHP PHP 5.6.29
PHP PHP 5.6.27
PHP PHP 5.6.22
PHP PHP 5.6.21
PHP PHP 5.6.20
PHP PHP 5.6.19
PHP PHP 5.6.18
PHP PHP 5.6.17
PHP PHP 5.6.13
PHP PHP 5.6.12
PHP PHP 5.6.11
PHP PHP 5.6.5
PHP PHP 5.6.4
PHP PHP 5.6.1
PHP PHP 7.2
PHP PHP 7.1.3
PHP PHP 7.1.2
PHP PHP 7.1.14
PHP PHP 5.6.9
PHP PHP 5.6.8 RC1
PHP PHP 5.6.8
PHP PHP 5.6.7
PHP PHP 5.6.6
PHP PHP 5.6.34
PHP PHP 5.6.3
PHP PHP 5.6.28
PHP PHP 5.6.26
PHP PHP 5.6.25
PHP PHP 5.6.24
PHP PHP 5.6.23
PHP PHP 5.6.2
PHP PHP 5.6.14
PHP PHP 5.6.10

Not Vulnerable: PHP PHP 7.3.1
PHP PHP 7.2.14
PHP PHP 7.1.26
PHP PHP 5.6.40

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

 

 



Leave a Reply

Your email address will not be published. Required fields are marked *


Back to Top ↑