Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2019-20455
CVE-2019-20455:
PHP vulnerability analysis and mitigation
Overview
CVE-2019-20455 was identified in radare2 prior to version 3.1.1. The vulnerability is related to the parseOperand function inside libr/asm/p/asm_x86_nz.c, which may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file (CVE Details).
Technical details
The vulnerability exists in the parseOperand function within libr/asm/p/asm_x86_nz.c component of radare2. The issue stems from improper input validation that can lead to a stack-based buffer overflow condition. When processing crafted input files, the vulnerability can be triggered, potentially causing the application to crash (CVE Details).
Impact
The successful exploitation of this vulnerability can lead to a denial of service condition, causing the application to crash. This affects the availability of the radare2 system when processing maliciously crafted input files (CVE Details).
Mitigation and workarounds
The primary mitigation for this vulnerability is to upgrade radare2 to a version after 3.1.1, which contains the fix for this issue (CVE Details).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management