netapp storage-automation-store CVE-2019-9023 vulnerability in NetApp and Other Products
Published on February 22, 2019

product logo product logo product logo product logo product logo
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-9023

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-9023 are published in these products:

NetApp Storage Automation Store
 
PHP
 
Canonical Ubuntu Linux
 
Debian Linux
 
OpenSuse Leap
 

Exploit Probability

EPSS
11.52%
Percentile
93.48%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.