PT-2019-4298 · Php+8 · Php+9

Published: 2019-10-22 · Updated: 2026-03-10 · CVE-2019-11043

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 7.1.33
PHP versions prior to 7.2.24
PHP versions prior to 7.3.11

Description

A buffer overflow in the PHP-FPM component can be exploited to execute arbitrary commands on a vulnerable server by sending a specially crafted URL. The vulnerability affects certain configurations of the FPM setup and can lead to remote code execution. There are reports of a working exploit being publicly available for servers using PHP-FPM with Nginx.

Recommendations

For PHP versions prior to 7.1.33, update to version 7.1.33 or later.
For PHP versions prior to 7.2.24, update to version 7.2.24 or later.
For PHP versions prior to 7.3.11, update to version 7.3.11 or later.
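
The fixed releases above can be checked against `php -v` / `php-fpm -v` banner lines collected from hosts; the following is an added example, not part of the original advisory. The function name, status labels and sample banners are constructed, and it assumes that each range applies to its own 7.x branch, that older branches fall under "prior to 7.1.33", and that a version carrying a packaging suffix has to be checked against the distributor's advisory.

```python
import re

# Fixed release per branch, taken from the Recommendations above.
FIXED = {(7, 1): (7, 1, 33), (7, 2): (7, 2, 24), (7, 3): (7, 3, 11)}
# Matches "PHP 7.2.19 (fpm-fcgi)" and "PHP 7.2.19-1+pkg (cli)".
BANNER = re.compile(r"PHP (\d+)\.(\d+)\.(\d+)(\S*)")


def triage(banner):
    """Classify one banner line as (status, detail).

    affected     - plain upstream version below the fixed release
    check-vendor - below the fixed release but with a packaging suffix
                   (assumption: the distributor may have backported the fix)
    fixed        - at or above the fixed release of its branch
    not-listed   - newer than every range the advisory names
    unparsed     - no PHP version found in the line
    """
    m = BANNER.search(banner)
    if not m:
        return ("unparsed", banner.strip())
    version = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    text = ".".join(map(str, version)) + suffix
    if version[:2] in FIXED:
        fixed = FIXED[version[:2]]
    elif version < (7, 1, 33):
        fixed = (7, 1, 33)  # assumption: older branches fall under the first range
    else:
        return ("not-listed", text)
    if version >= fixed:
        return ("fixed", text)
    detail = f"{text} < {'.'.join(map(str, fixed))}"
    return ("check-vendor" if suffix else "affected", detail)


# Constructed sample banners (not taken from real hosts).
SAMPLES = [
    "PHP 7.2.23 (fpm-fcgi) (built: Sep 24 2019 12:00:00)",
    "PHP 7.3.11 (fpm-fcgi)",
    "PHP 7.1.32-1+example1 (fpm-fcgi)",
    "PHP 7.4.0 (cli)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line), "<-", line)
```
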

Exploit

Fix

RCE

Memory Corruption

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2019:3735
ALSA-2019:3736
ALSA-2019_3735
ALSA-2019_3736
ALSA-2020_1624
ALSA-2020_3662
ALSA-2021_1761
ALSA-2021_1879
ALSA-2021_4213
ALSA-2022_1642
ALSA-2022_1764
ALSA-2022_1821
ALSA-2022_1935
ALSA-2022_2201
ALSA-2022_5468
ALSA-2022_5904
ALSA-2022_6158
ALSA-2022_6457
ALSA-2022_7323
ALSA-2022_7624
ALSA-2022_7628
ALSA-2022_7813
ALSA-2022_8197
ALSA-2022_8420
ALSA-2023_0833
ALSA-2023_0848
ALSA-2023_0965
ALSA-2023_2417
ALSA-2023_2763
ALSA-2023_2764
ALSA-2023_2903
ALSA-2024_2987
ALSA-2025_16880
ALT-PU-2019-3161
ALT-PU-2019-3221
BDU:2020-00013
CESA-2019_3286
CESA-2019_3287
CESA-2019_3735
CESA-2019_3736
CVE-2019-11043
DLA-1970-1
DSA-4552-1
DSA-4553-1
ELSA-2019-3286
ELSA-2019-3287
ELSA-2019-3735
ELSA-2019-3736
MGASA-2019-0307
OPENSUSE-SU-2019:2441-1
OPENSUSE-SU-2019:2457-1
OPENSUSE-SU-2019_2441-1
OPENSUSE-SU-2019_2457-1
OPENSUSE-SU-2022_4067-1
OPENSUSE-SU-2024:11167-1
OPENSUSE-SU-2024:11169-1
RHSA-2019:3286
RHSA-2019:3287
RHSA-2019:3299
RHSA-2019:3300
RHSA-2019:3724
RHSA-2019:3735
RHSA-2019:3736
RHSA-2019_3286
RHSA-2019_3287
RHSA-2019_3735
RHSA-2019_3736
RHSA-2020:0322
RHSA-2020:2835
RLSA-2019:3735
RLSA-2019:3736
RLSA-2019_3735
RLSA-2019_3736
SUSE-SU-2019:2809-1
SUSE-SU-2019:2819-1
SUSE-SU-2019:2909-1
SUSE-SU-2019_2809-1
SUSE-SU-2019_2819-1
SUSE-SU-2019_2909-1
SUSE-SU-2020:0522-1
SUSE-SU-2020_0522-1
SUSE-SU-2022:4067-1
SUSE-SU-2022_4067-1
USN-4166-1
USN-4166-2

Affected Products

ALT Linux
AlmaLinux
CentOS
Nginx
PHP
PHP-FPM
Red Hat
Rocky Linux
SUSE
Ubuntu