Found in the xmlrpc_decode function, this allows unauthenticated remote attackers to cause a heap out-of-bounds read, potentially leading to system compromise.
This vulnerability occurs when the PHP fopen function is used with a specially crafted URL, allowing an attacker to execute arbitrary code on the server. This vulnerability is particularly severe, as it can lead to remote code execution (RCE) and complete control over the server.
In the software world, few phrases send a chill down a security engineer’s spine like hearing, “Our application runs on PHP version 5.6.40.” php version 5640 vulnerabilities verified
PHP Version 5.6.40: Verified Vulnerabilities and Security Risks
This vulnerability is due to the get_headers() function silently truncating a URL when it encounters a null ( \0 ) byte. This could lead to software making incorrect assumptions based on the truncated URL. For instance, an attacker could craft a URL that appears to point to an allowed domain, but the truncated version is sent to a malicious server under the attacker's control. In the software world, few phrases send a
: A heap-based buffer overflow condition exists in gdImageColorMatch due to improper calculation of the allocated buffer size. Attackers can exploit this by feeding malicious image data into the application. 4. PHAR Extension Heap Buffer Overflow (CVE-2019-9021)
Below are some of the most critical, verified vulnerabilities that impact PHP 5.6.40 directly or affect the PHP 5.6 core architecture without a subsequent official patch. : A heap-based buffer overflow condition exists in
The bcmath extension, which is available on many operating systems, contains a buffer under-read vulnerability. By supplying a string containing characters that are identified as numeric by the operating system but are not ASCII numbers, an attacker could trick the bcmath functions into reading beyond the allocated space. This could lead to memory disclosure, with a CVSS v3 score of 7.5.
Security experts from Zend and Influential Software emphasize that staying on PHP 5.6 is no longer a viable option for organizations.
1. Remote Code Execution via Exif Extension (CVE-2019-11034, CVE-2019-11035)