CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CVE-2018-9984 (GCVE-0-2018-9984)
Vulnerability from cvelistv5 – Published: 2018-05-17 15:00 – Updated: 2024-08-05 07:24
VLAI
Summary
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Image Channels objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5495.
Severity
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.foxitsoftware.com/support/security-bu… | x_refsource_CONFIRM |
| https://zerodayinitiative.com/advisories/ZDI-18-382 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | Foxit Reader |
Affected:
9.0.0.29935
|
Date Public
2018-05-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:56.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zerodayinitiative.com/advisories/ZDI-18-382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Foxit Reader",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "9.0.0.29935"
}
]
}
],
"datePublic": "2018-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Image Channels objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5495."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125-Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T14:57:01.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zerodayinitiative.com/advisories/ZDI-18-382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-9984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.0.29935"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Image Channels objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5495."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-382",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2018-9984",
"datePublished": "2018-05-17T15:00:00.000Z",
"dateReserved": "2018-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:24:56.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10129 (GCVE-0-2019-10129)
Vulnerability from cvelistv5 – Published: 2019-07-30 16:10 – Updated: 2024-08-04 22:10
VLAI
Summary
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).
Severity
6.5 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/202003-03 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.postgresql.org/about/news/1939/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PostgreSQL Project | postgresql |
Affected:
11.x prior to 11.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-202003-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.postgresql.org/about/news/1939/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "postgresql",
"vendor": "PostgreSQL Project",
"versions": [
{
"status": "affected",
"version": "11.x prior to 11.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:58.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-202003-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.postgresql.org/about/news/1939/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "11.x prior to 11.3"
}
]
}
}
]
},
"vendor_name": "PostgreSQL Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052)."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-202003-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-03"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129"
},
{
"name": "https://www.postgresql.org/about/news/1939/",
"refsource": "MISC",
"url": "https://www.postgresql.org/about/news/1939/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10129",
"datePublished": "2019-07-30T16:10:04.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:09.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10209 (GCVE-0-2019-10209)
Vulnerability from cvelistv5 – Published: 2019-10-29 13:11 – Updated: 2024-08-04 22:17
VLAI
Summary
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
Severity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.postgresql.org/about/news/1960/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PostgreSQL | postgresql |
Affected:
all 11.x before 11.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:20.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.postgresql.org/about/news/1960/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "postgresql",
"vendor": "PostgreSQL",
"versions": [
{
"status": "affected",
"version": "all 11.x before 11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T13:11:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.postgresql.org/about/news/1960/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "all 11.x before 11.5"
}
]
}
}
]
},
"vendor_name": "PostgreSQL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209"
},
{
"name": "https://www.postgresql.org/about/news/1960/",
"refsource": "CONFIRM",
"url": "https://www.postgresql.org/about/news/1960/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10209",
"datePublished": "2019-10-29T13:11:45.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:20.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10949 (GCVE-0-2019-10949)
Vulnerability from cvelistv5 – Published: 2019-04-17 14:03 – Updated: 2024-08-04 22:40
VLAI
Summary
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files.
Severity
No CVSS data available.
CWE
- CWE-125 - OUT-OF-BOUNDS READ CWE-125
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/107989 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Delta Industrial Automation CNCSoft |
Affected:
CNCSoft ScreenEditor Version 1.00.88 and prior.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-418/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-406/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-419/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-412/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-413/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-416/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-411/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-415/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-407/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-409/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-414/"
},
{
"name": "107989",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Delta Industrial Automation CNCSoft",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "CNCSoft ScreenEditor Version 1.00.88 and prior."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "OUT-OF-BOUNDS READ CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-18T08:06:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-418/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-406/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-419/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-412/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-413/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-416/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-411/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-415/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-407/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-409/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-414/"
},
{
"name": "107989",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Delta Industrial Automation CNCSoft",
"version": {
"version_data": [
{
"version_value": "CNCSoft ScreenEditor Version 1.00.88 and prior."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-418/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-418/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-406/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-406/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-419/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-419/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-412/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-412/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-413/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-413/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-416/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-416/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-411/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-411/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-415/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-415/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-407/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-407/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-409/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-409/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-414/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-414/"
},
{
"name": "107989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10949",
"datePublished": "2019-04-17T14:03:17.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10975 (GCVE-0-2019-10975)
Vulnerability from cvelistv5 – Published: 2019-07-02 19:15 – Updated: 2024-08-04 22:40
VLAI
Summary
An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system.
Severity
No CVSS data available.
CWE
- CWE-125 - OUT-OF-BOUNDS READ CWE-125
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/108359 | vdb-entryx_refsource_BID |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.us-cert.gov/ics/advisories/ICSA-19-13… | x_refsource_MISC |
| https://felib.fujielectric.co.jp/download/search2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Electric | Alpha7 PC Loader |
Affected:
Versions 1.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "108359",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108359"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-517/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-136-02%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://felib.fujielectric.co.jp/download/search2.htm?dosearch=1\u0026site=global\u0026lang=en\u0026documentGroup=software"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alpha7 PC Loader",
"vendor": "Fuji Electric",
"versions": [
{
"status": "affected",
"version": "Versions 1.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "OUT-OF-BOUNDS READ CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-02T19:16:20.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "108359",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108359"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-517/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-136-02%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://felib.fujielectric.co.jp/download/search2.htm?dosearch=1\u0026site=global\u0026lang=en\u0026documentGroup=software"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Alpha7 PC Loader",
"version": {
"version_data": [
{
"version_value": "Versions 1.1 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108359"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-517/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-517/"
},
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-136-02,",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-136-02,"
},
{
"name": "https://felib.fujielectric.co.jp/download/search2.htm?dosearch=1\u0026site=global\u0026lang=en\u0026documentGroup=software",
"refsource": "MISC",
"url": "https://felib.fujielectric.co.jp/download/search2.htm?dosearch=1\u0026site=global\u0026lang=en\u0026documentGroup=software"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10975",
"datePublished": "2019-07-02T19:15:15.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10992 (GCVE-0-2019-10992)
Vulnerability from cvelistv5 – Published: 2019-07-24 14:55 – Updated: 2024-08-04 22:40
VLAI
Summary
Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files.
Severity
No CVSS data available.
CWE
- CWE-125 - OUT-OF-BOUNDS READ CWE-125
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-192-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | CNCSoft ScreenEditor |
Affected:
Versions 1.00.89 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CNCSoft ScreenEditor",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "Versions 1.00.89 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "OUT-OF-BOUNDS READ CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-24T14:55:19.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CNCSoft ScreenEditor",
"version": {
"version_data": [
{
"version_value": "Versions 1.00.89 and prior"
}
]
}
}
]
},
"vendor_name": "Delta Electronics"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-192-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10992",
"datePublished": "2019-07-24T14:55:19.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10994 (GCVE-0-2019-10994)
Vulnerability from cvelistv5 – Published: 2019-08-05 18:41 – Updated: 2024-08-04 22:40
VLAI
Summary
Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Severity
No CVSS data available.
CWE
- CWE-125 - OUT-OF-BOUNDS READ CWE-125
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-213-06 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | LCDS LAquis SCADA |
Affected:
4.3.1.71
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS LAquis SCADA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.3.1.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "OUT-OF-BOUNDS READ CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-05T18:41:18.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS LAquis SCADA",
"version": {
"version_data": [
{
"version_value": "4.3.1.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10994",
"datePublished": "2019-08-05T18:41:18.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11034 (GCVE-0-2019-11034)
Vulnerability from cvelistv5 – Published: 2019-04-18 16:57 – Updated: 2024-09-17 02:31
VLAI
Title
Heap over-read in PHP EXIF extension
Summary
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
Severity
4.8 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
14 references
Impacted products
Date Public
2019-04-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77753"
},
{
"name": "USN-3953-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.1.28",
"status": "affected",
"version": "7.1.x",
"versionType": "custom"
},
{
"lessThan": "7.2.17",
"status": "affected",
"version": "7.2.x",
"versionType": "custom"
},
{
"lessThan": "7.3.4",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Found by OSS-Fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13723"
}
],
"datePublic": "2019-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:20.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77753"
},
{
"name": "USN-3953-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"source": {
"advisory": "https://www.php.net/ChangeLog-7.php#7.1.28",
"defect": [
"https://bugs.php.net/bug.php?id=77753"
],
"discovery": "INTERNAL"
},
"title": "Heap over-read in PHP EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-04-01T11:44:00.000Z",
"ID": "CVE-2019-11034",
"STATE": "PUBLIC",
"TITLE": "Heap over-read in PHP EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.1.x",
"version_value": "7.1.28"
},
{
"version_affected": "\u003c",
"version_name": "7.2.x",
"version_value": "7.2.17"
},
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.4"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Found by OSS-Fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13723"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=77753",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77753"
},
{
"name": "USN-3953-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"name": "https://support.f5.com/csp/article/K44590877",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
},
"source": {
"advisory": "https://www.php.net/ChangeLog-7.php#7.1.28",
"defect": [
"https://bugs.php.net/bug.php?id=77753"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11034",
"datePublished": "2019-04-18T16:57:00.954Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:25.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11035 (GCVE-0-2019-11035)
Vulnerability from cvelistv5 – Published: 2019-04-18 16:57 – Updated: 2024-09-17 03:43
VLAI
Title
Heap over-read in PHP EXIF extension
Summary
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
Severity
4.8 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
14 references
Impacted products
Date Public
2019-04-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77831"
},
{
"name": "USN-3953-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.1.28",
"status": "affected",
"version": "7.1.x",
"versionType": "custom"
},
{
"lessThan": "7.2.17",
"status": "affected",
"version": "7.2.x",
"versionType": "custom"
},
{
"lessThan": "7.3.4",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Found by OSS-Fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13938"
}
],
"datePublic": "2019-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:28.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77831"
},
{
"name": "USN-3953-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"source": {
"advisory": "https://www.php.net/ChangeLog-7.php#7.1.28",
"defect": [
"https://bugs.php.net/bug.php?id=77831"
],
"discovery": "INTERNAL"
},
"title": "Heap over-read in PHP EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-04-01T11:44:00.000Z",
"ID": "CVE-2019-11035",
"STATE": "PUBLIC",
"TITLE": "Heap over-read in PHP EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.1.x",
"version_value": "7.1.28"
},
{
"version_affected": "\u003c",
"version_name": "7.2.x",
"version_value": "7.2.17"
},
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.4"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Found by OSS-Fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13938"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=77831",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77831"
},
{
"name": "USN-3953-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3953-1/"
},
{
"name": "USN-3953-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3953-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0001/"
},
{
"name": "https://support.f5.com/csp/article/K44590877",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44590877"
},
{
"name": "[debian-lts-announce] 20190525 [SECURITY] [DLA 1803-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1501",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"name": "openSUSE-SU-2019:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
},
"source": {
"advisory": "https://www.php.net/ChangeLog-7.php#7.1.28",
"defect": [
"https://bugs.php.net/bug.php?id=77831"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11035",
"datePublished": "2019-04-18T16:57:00.996Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:08.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11039 (GCVE-0-2019-11039)
Vulnerability from cvelistv5 – Published: 2019-06-18 23:28 – Updated: 2024-09-17 00:21
VLAI
Title
Out-of-bounds read in iconv.c
Summary
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
Severity
4.2 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugs.php.net/bug.php?id=78069 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:2519 | vendor-advisoryx_refsource_REDHAT |
| https://seclists.org/bugtraq/2019/Sep/35 | mailing-listx_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4527 | vendor-advisoryx_refsource_DEBIAN |
| https://www.debian.org/security/2019/dsa-4529 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Sep/38 | mailing-listx_refsource_BUGTRAQ |
| https://access.redhat.com/errata/RHSA-2019:3299 | vendor-advisoryx_refsource_REDHAT |
Impacted products
Date Public
2019-05-28 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=78069"
},
{
"name": "openSUSE-SU-2019:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.30"
},
{
"status": "affected",
"version": "7.2.19"
},
{
"status": "affected",
"version": "7.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "By maris dot adam at gmail dot com"
}
],
"datePublic": "2019-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:18.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=78069"
},
{
"name": "openSUSE-SU-2019:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78069"
],
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds read in iconv.c",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-05-28T06:49:00.000Z",
"ID": "CVE-2019-11039",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds read in iconv.c"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.30"
},
{
"version_value": "7.2.19"
},
{
"version_value": "7.3.6"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "By maris dot adam at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=78069",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=78069"
},
{
"name": "openSUSE-SU-2019:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=78069"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11039",
"datePublished": "2019-06-18T23:28:28.280Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:46.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Phase: Architecture and Design
Strategy: Language Selection
Description:
- Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.