The development team behind the PHP programming language recently released new versions of PHP to address multiple high-severity vulnerabilities in its core and bundled libraries.
The most severe flaw could be exploited by a remote attacker to execute arbitrary code on
PHP is used by more than 79% of all the websites whose server-side programming language we know. So almost 8 out of every 10 websites that you visit on the Internet are using PHP in some way.
The latest releases include PHP version 7.3.9, 7.2.22 and 7.1.32, and address multiple security vulnerabilities.
Some of the issues could be
The exploitation of some issues could also trigger a denial of service (
One of the vulnerabilities, tracked as CVE-2019-13224, is a ‘use-after-free’ code execution issue that affects the Oniguruma regular expression library. Oniguruma is a BSD licensed regular expression library that supports a variety of character encodings, it is bundled in several programming languages, including PHP.
A remote attacker can trigger this flaw by using a specially crafted regular expression, potentially leading to code execution or causing information disclosure.
“A use-after-free in onig_new_deluxe
According to the experts, none of the addressed issues have been exploited by threat actors in attacks in the wild.