PT-2019-5047 · Php+3 · Php+3

Cmb

Publicado

2019-12-21

Atualizado

2024-06-15

CVE-2019-11046

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP versions 7.2.x below 7.2.26 PHP versions 7.3.x below 7.3.13 PHP version 7.4.0

Description The issue is related to a buffer overflow vulnerability in the PHP bcmath extension functions. On some systems, including Windows, these functions can be tricked into reading beyond the allocated space by supplying a string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can lead to the disclosure of the content of some memory locations. The vulnerability may allow a remote attacker to gain unauthorized access to information.

Recommendations For PHP version 7.2.x below 7.2.26, update to version 7.2.26 or later. For PHP version 7.3.x below 7.3.13, update to version 7.3.13 or later. For PHP version 7.4.0, update to a later version. As a temporary workaround, consider disabling the bcmath extension functions until a patch is available.

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2019-3355

ALT-PU-2019-3390

ALT-PU-2020-1149

ALT-PU-2020-1206

BDU:2020-01689

CVE-2019-11046

DLA-2050-1

DSA-4626-1

DSA-4628-1

MGASA-2019-0412

OPENSUSE-SU-2020:0080-1

OPENSUSE-SU-2020_0080-1

OPENSUSE-SU-2022_4067-1

OPENSUSE-SU-2024:11167-1

OPENSUSE-SU-2024:11169-1

SUSE-SU-2020:0101-1

SUSE-SU-2020:0267-1

SUSE-SU-2020:0352-1

SUSE-SU-2020:0522-1

SUSE-SU-2020:14289-1

SUSE-SU-2022:4067-1

USN-4239-1

Produtos afetados

Alt Linux

Php

Suse

Ubuntu

PT-2019-5047 · Php+3 · Php+3

CVE-2019-11046

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 192