An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Php
  • Php
Netapp
  • Storage Automation Store

Configuration 1 [-]

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 4 [-]

cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
https://access.redhat.com/errata/RHSA-2019:2519
https://access.redhat.com/errata/RHSA-2019:3299
https://bugs.php.net/bug.php?id=77369 Exploit Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190321-0001/ Third Party Advisory
https://usn.ubuntu.com/3902-1/ Third Party Advisory
https://usn.ubuntu.com/3922-2/ Third Party Advisory
https://usn.ubuntu.com/3922-3/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4398 Third Party Advisory
https://www.tenable.com/security/tns-2019-07
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-02-22T23:00:00

Updated: 2019-11-04T21:06:28

Reserved: 2019-02-22T00:00:00

Link: CVE-2019-9022

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2019-02-22T23:29:00.440

Modified: 2019-06-18T18:15:11.747

Link: CVE-2019-9022

JSON object: View

cve-icon Redhat Information

No data.

CWE