An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. References: https://bugs.php.net/bug.php?id=77242 https://bugs.php.net/bug.php?id=77249 Upstream commit: http://git.php.net/?p=php-src.git;a=commit;h=780ff63c377dc79de2c04d6b341913ab0102135b
Analysis: When malicious data is passed via xmlrpc_decode() function of PHP, it can trigger either a OOB read or a use-after-free. The PHP script needs to allow users (attacker) to load arbitrary XML data though.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9020
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1624 https://access.redhat.com/errata/RHSA-2020:1624