Preface: As of December 2017, PHP makes up over 83% of server side languages used on the internet. As of today, PHP looks running strong because a large amount of users, applications and also legacy applications.
Vulnerability Details:
CVE-2019-9025: PHP mb_split() Function Invalid Multibyte String Vulnerability
Impact: A successful exploit could cause buffer over-read and over-write conditions
Remedy: software update to 7.3.1 – http://php.net/downloads.php
CVE-2019-9023: PHP mbstring Regular Expression Functions Heap-Based Buffer Over-Read Vulnerability
Impact: A successful exploit could cause a heap-based buffer over-read condition.
Remedy: software updates at the following link: PHP 7.1.26, 7.2.14 or 7.3.1 – http://php.net/downloads.php