CVE-2019-11049

Опубликовано: 10 дек. 2019

Источник: redhat

CVSS3: 6.5

Описание

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.

Отчет

This issue doesn't affect any PHP version as shipped with Red Hat Enterprise Linux or Red Hat Software Collection versions, as the flawed component is exclusive to Windows.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	php	Not affected
Red Hat Enterprise Linux 5	php53	Not affected
Red Hat Enterprise Linux 6	php	Not affected
Red Hat Enterprise Linux 7	php	Not affected
Red Hat Enterprise Linux 8	php:7.2/php	Not affected
Red Hat Enterprise Linux 8	php:7.3/php	Not affected
Red Hat Software Collections	rh-php72-php	Not affected
Red Hat Software Collections	rh-php73-php	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1788586php: double free when supplying custom headers to mail function

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2019-11049

CVSS3: 6.5

ubuntu

больше 5 лет назад

CVE-2019-11049

CVSS3: 6.5

nvd

больше 5 лет назад

CVE-2019-11049

CVSS3: 6.5

debian

больше 5 лет назад

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...

GHSA-h3jj-5ghg-r32j

CVSS3: 9.8

github

около 3 лет назад

6.5 Medium

CVSS3