PT-2019-5047 · Php+3 · Php+3

Cmb

Published

2019-12-21

Updated

2024-06-15

CVE-2019-11046

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP versions 7.2.x below 7.2.26 PHP versions 7.3.x below 7.3.13 PHP version 7.4.0

Description The issue is related to a buffer overflow vulnerability in the PHP bcmath extension functions. On some systems, including Windows, these functions can be tricked into reading beyond the allocated space by supplying a string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can lead to the disclosure of the content of some memory locations. The vulnerability may allow a remote attacker to gain unauthorized access to information.

Recommendations For PHP version 7.2.x below 7.2.26, update to version 7.2.26 or later. For PHP version 7.3.x below 7.3.13, update to version 7.3.13 or later. For PHP version 7.4.0, update to a later version. As a temporary workaround, consider disabling the bcmath extension functions until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-3355

ALT-PU-2019-3390

ALT-PU-2020-1149

ALT-PU-2020-1206

BDU:2020-01689

CVE-2019-11046

DLA-2050-1

DSA-4626-1

DSA-4628-1

MGASA-2019-0412

OPENSUSE-SU-2020:0080-1

OPENSUSE-SU-2020_0080-1

OPENSUSE-SU-2022_4067-1

OPENSUSE-SU-2024:11167-1

OPENSUSE-SU-2024:11169-1

SUSE-SU-2020:0101-1

SUSE-SU-2020:0267-1

SUSE-SU-2020:0352-1

SUSE-SU-2020:0522-1

SUSE-SU-2020:14289-1

SUSE-SU-2022:4067-1

USN-4239-1

Affected Products

Alt Linux

Php

Suse

Ubuntu

PT-2019-5047 · Php+3 · Php+3

CVE-2019-11046

Weakness Enumeration

Related Identifiers

Affected Products

References · 192