PT-2020-4630 · Php+8
Published: 2020-05-11 · Updated: 2022-11-18
CVE-2019-11048
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PHP versions 7.2.x through 7.2.30
PHP versions 7.3.x through 7.3.17
PHP versions 7.4.x through 7.4.5
Description
The issue is related to an integer overflow in the PHP language interpreter. Exploitation of this issue could allow a remote attacker to cause a denial of service. When HTTP file uploads are allowed, supplying overly long filenames or field names could lead the PHP engine to try to allocate an oversized block of memory, hit the memory limit, and stop processing the request without cleaning up the temporary files created by the upload request. These leftover temporary files can accumulate and potentially exhaust the disk space on the target server.
Recommendations
For PHP versions 7.2.x through 7.2.30, update to version 7.2.31 or later to resolve the issue.
For PHP versions 7.3.x through 7.3.17, update to version 7.3.18 or later to resolve the issue.
For PHP versions 7.4.x through 7.4.5, update to version 7.4.6 or later to resolve the issue.
As a temporary workaround, consider restricting HTTP file uploads or limiting the length of filenames and field names to prevent exploitation.
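The following triage helper is an added example, not part of the original advisory or of PHP itself. It checks an upstream PHP version string against the affected ranges listed above and looks for upload temporary files left behind by aborted requests. The file name pattern (`php` followed by six random characters, the Linux default), the one-hour age threshold and all function names are assumptions of this example.

```python
import os
import re
import tempfile
import time

# First fixed patch release per branch, taken from the recommendations above.
FIXED = {(7, 2): 31, (7, 3): 18, (7, 4): 6}

def is_affected(version):
    """True if an upstream PHP version string is in an affected range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable PHP version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    return fixed_patch is not None and patch < fixed_patch

# Assumption: default Linux naming of upload temp files ("php" + 6 random chars).
UPLOAD_TMP = re.compile(r"^php[A-Za-z0-9]{6}$")

def stale_upload_files(tmp_dir, max_age_s=3600, now=None):
    """Return sorted (path, size) pairs for upload temp files older than max_age_s.

    PHP removes upload temp files when a request ends normally, so old files
    matching the pattern are candidates for orphans left by aborted requests.
    """
    now = time.time() if now is None else now
    hits = []
    with os.scandir(tmp_dir) as entries:
        for entry in entries:
            if not UPLOAD_TMP.match(entry.name):
                continue
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            if now - st.st_mtime > max_age_s:
                hits.append((entry.path, st.st_size))
    return sorted(hits)

def demo():
    """Constructed sample: one 2-hour-old orphan, one fresh upload, one unrelated file."""
    with tempfile.TemporaryDirectory() as d:
        now = time.time()
        for name, age in (("phpA1b2C3", 7200), ("phpZ9y8X7", 10), ("sess_abc", 7200)):
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(b"x" * 16)
            os.utime(path, (now - age, now - age))
        return [(os.path.basename(p), s) for p, s in stale_upload_files(d, 3600, now)]
```

Point `stale_upload_files` at the directory configured as `upload_tmp_dir` (or the system temporary directory if it is unset). Distribution packages may carry backported fixes, so treat the version check as a statement about upstream releases only.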
Integer Overflow
Resource Exhaustion
Affected Products
ALT Linux
AlmaLinux
CentOS
Linux Mint
PHP
Red Hat
Rocky Linux
SUSE
Ubuntu