Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-11046

Опубликовано: 23 дек. 2019
Источник: nvd
CVSS3: 3.7
CVSS3: 5.3
CVSS2: 5
EPSS Средний

Описание

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 7.2.0 (включая) до 7.2.26 (включая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 7.3.0 (включая) до 7.3.13 (включая)
cpe:2.3:a:php:php:7.4.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Конфигурация 6
cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:*
Версия до 5.19.0 (исключая)

EPSS

Процентиль: 93%
0.1044
Средний

3.7 Low

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125
CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2019-11046

CVSS3: 3.7
ubuntu
больше 5 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

redhat логотип

CVE-2019-11046

CVSS3: 3.7
redhat
больше 5 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

debian логотип

CVE-2019-11046

CVSS3: 3.7
debian
больше 5 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...

github логотип

GHSA-6c5q-qpjx-9564

CVSS3: 5.3
github
около 3 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

fstec логотип

BDU:2020-01689

CVSS3: 7.5
fstec
больше 5 лет назад

Уязвимость интерпретатора языка программирования PHP, связанная с чтение за границами буфера памяти, позволяющая нарушителю получить несанкционированный доступ к информации

EPSS

Процентиль: 93%
0.1044
Средний

3.7 Low

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125
CWE-125