Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-11046

Опубликовано: 16 дек. 2019
Источник: redhat
CVSS3: 3.7
EPSS Средний

Описание

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

Отчет

Any version of PHP as shipped with Red Hat Enterprise Linux are not affected. This flaw affected php running only on top of Windows Operating System, the bug itself is related to OS specific isdigit() function implementation.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7phpNot affected
Red Hat Enterprise Linux 8php:7.2/phpNot affected
Red Hat Enterprise Linux 8php:7.3/phpNot affected
Red Hat Software Collectionsrh-php72-phpNot affected
Red Hat Software Collectionsrh-php73-phpNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1786567php: OOB read in bc_shift_addsub

EPSS

Процентиль: 93%
0.1044
Средний

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-11046

CVSS3: 3.7
ubuntu
больше 5 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

nvd логотип

CVE-2019-11046

CVSS3: 3.7
nvd
больше 5 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

debian логотип

CVE-2019-11046

CVSS3: 3.7
debian
больше 5 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...

github логотип

GHSA-6c5q-qpjx-9564

CVSS3: 5.3
github
около 3 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

fstec логотип

BDU:2020-01689

CVSS3: 7.5
fstec
больше 5 лет назад

Уязвимость интерпретатора языка программирования PHP, связанная с чтение за границами буфера памяти, позволяющая нарушителю получить несанкционированный доступ к информации

EPSS

Процентиль: 93%
0.1044
Средний

3.7 Low

CVSS3