Security Advisory

CVE-2019-9025

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-02-22 23:00:00

Last updated 2024-08-04 21:38:45

Assigner mitre

State PUBLISHED

Description

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.

← Browse all CVEs View on cve.org ↗