Executive Summary

Information

Name : CVE-2019-9675
First vendor Publication : 2019-03-11
Vendor : Cve
Last vendor Modification : 2019-06-03

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Cvss Impact Score : 6.4
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9675

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-119
Name : Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type : Count
Application : 155
Os : 2
Os : 1

Sources (Detail)

Source : Url
MISC : http://php.net/ChangeLog-7.php
MISC : https://bugs.php.net/bug.php?id=77586
SUSE : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html
SUSE : http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
SUSE : http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
SUSE : http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
UBUNTU : https://usn.ubuntu.com/3922-2/
UBUNTU : https://usn.ubuntu.com/3922-3/

Alert History

Date : Information
2019-06-19 12:10:22
  • Multiple Updates
2019-06-08 12:10:43
  • Multiple Updates
2019-06-08 00:19:21
  • Multiple Updates
2019-06-03 21:19:24
  • Multiple Updates
2019-05-11 00:19:05
  • Multiple Updates
2019-04-29 21:19:31
  • Multiple Updates
2019-04-25 21:19:36
  • Multiple Updates
2019-04-25 00:19:10
  • Multiple Updates
2019-04-23 21:19:23
  • Multiple Updates
2019-04-20 12:09:02
  • Multiple Updates
2019-03-11 21:19:49
  • Multiple Updates
2019-03-11 13:19:03
  • First insertion