CVE-2019-11046
Summary
| CVE | CVE-2019-11046 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-12-23 03:15:00 UTC |
| Updated | 2023-11-07 03:02:00 UTC |
| Description | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.10 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 30 | All | All | All |
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Application | Php | Php | 7.4.0 | All | All | All |
| Application | Php | Php | 7.4.0 | All | All | All |
| Application | Php | Php | All | All | All | All |
| Application | Php | Php | All | All | All | All |
| Application | Tenable | Securitycenter | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.f5.com/csp/article/K48866433 | CONFIRM | support.f5.com | |
| [SECURITY] Fedora 31 Update: php-7.3.13-1.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Bugtraq: [SECURITY] [DSA 4626-1] php7.3 security update | BUGTRAQ | seclists.org | |
| [SECURITY] [DLA 2050-1] php5 security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 30 Update: php-7.3.13-1.fc30 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| myF5 | support.f5.com | ||
| [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | |
| Debian -- Security Information -- DSA-4628-1 php7.0 | DEBIAN | www.debian.org | |
| Debian -- Security Information -- DSA-4626-1 php7.3 | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 30 Update: php-7.3.13-1.fc30 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [security-announce] openSUSE-SU-2020:0080-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| Bugtraq: Re: [SECURITY] [DSA 4628-1] php7.0 security update | BUGTRAQ | seclists.org | |
| Bugtraq: [SECURITY] [DSA 4628-1] php7.0 security update | BUGTRAQ | seclists.org | |
| PHP :: Sec Bug #78878 :: Buffer underflow in bc_shift_addsub | MISC | bugs.php.net | Mailing List, Patch, Vendor Advisory |
| USN-4239-1: PHP vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| [SECURITY] Fedora 31 Update: php-7.3.13-1.fc31 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| December 2019 PHP Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Submitted by thomas-josef dot riedmaier at siemens dot com