Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-11043

Опубликовано: 28 окт. 2019
Источник: debian

Описание

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php7.3fixed7.3.11-1~deb10u1package
php7.0removedpackage
php5removedpackage

Примечания

  • Fixed in PHP 7.3.11, 7.2.24

  • PHP Bug: https://bugs.php.net/bug.php?id=78599

  • https://www.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx

  • https://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a

Связанные уязвимости

CVSS3: 8.7
ubuntu
почти 6 лет назад

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

CVSS3: 8.1
redhat
почти 6 лет назад

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

CVSS3: 8.7
nvd
почти 6 лет назад

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

suse-cvrf
больше 5 лет назад

Security update for php7

suse-cvrf
почти 6 лет назад

Security update for php7