The development team behind the PHP programming language recently released new versions of PHP to address multiple high-severity vulnerabilities in its core and bundled libraries.
The most severe flaw could be exploited by a remote attacker to execute arbitrary code on
PHP is used by more than 79% of all the websites whose server-side programming language we know. So almost 8 out of every 10 websites that you visit on the Internet are using PHP in some way.
The latest releases include PHP version 7.3.9, 7.2.22 and 7.1.32, and address multiple security vulnerabilities.
Some of the issues could be
The exploitation of some issues could also trigger a denial of service (
One of the vulnerabilities, tracked as CVE-2019-13224, is a ‘use-after-free’ code execution issue that affects the Oniguruma regular expression library. Oniguruma is a BSD licensed regular expression library that supports a variety of character encodings, it is bundled in several programming languages, including PHP.
A remote attacker can trigger this flaw by using a specially crafted regular expression, potentially leading to code execution or causing information disclosure.
“A use-after-free in onig_new_deluxe
According to the experts, none of the addressed issues have been exploited by threat actors in attacks in the wild.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.