{"api_version":"1","generated_at":"2026-04-23T02:12:37+00:00","cve":"CVE-2019-11044","urls":{"html":"https://cve.report/CVE-2019-11044","api":"https://cve.report/api/cve/CVE-2019-11044.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-11044","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-11044"},"summary":{"title":"CVE-2019-11044","description":"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.","state":"PUBLIC","assigner":"security@php.net","published_at":"2019-12-23 03:15:00","updated_at":"2023-11-07 03:02:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/","name":"FEDORA-2019-a54a622670","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 31 Update: php-7.3.13-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/","name":"FEDORA-2019-437d94e271","refsource":"","tags":[],"title":"[SECURITY] Fedora 30 Update: php-7.3.13-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.php.net/bug.php?id=78862","name":"https://bugs.php.net/bug.php?id=78862","refsource":"MISC","tags":["Exploit","Mailing List","Patch","Vendor Advisory"],"title":"PHP :: Sec Bug #78862 :: link() silently truncates after a null byte on Windows","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.tenable.com/security/tns-2021-14","name":"https://www.tenable.com/security/tns-2021-14","refsource":"CONFIRM","tags":[],"title":"[R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/","name":"FEDORA-2019-437d94e271","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 30 Update: php-7.3.13-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/","name":"FEDORA-2019-a54a622670","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: php-7.3.13-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20200103-0002/","name":"https://security.netapp.com/advisory/ntap-20200103-0002/","refsource":"CONFIRM","tags":[],"title":"December 2019 PHP Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-11044","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11044","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Submitted by ryat at php.net","lang":""}],"nvd_cpes":[{"cve_year":"2019","cve_id":"11044","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11044","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11044","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"7.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11044","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"7.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11044","vulnerable":"1","versionEndIncluding":"7.2.26","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11044","vulnerable":"1","versionEndIncluding":"7.3.13","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11044","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"securitycenter","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-11044","qid":"296076","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 19.3.0 Missing (CPUJAN2020)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@php.net","DATE_PUBLIC":"2019-12-17T03:02:00.000Z","ID":"CVE-2019-11044","STATE":"PUBLIC","TITLE":"link() silently truncates after a null byte on Windows"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"PHP","version":{"version_data":[{"platform":"Windows","version_affected":"<","version_name":"7.2.x","version_value":"7.2.26"},{"platform":"Windows","version_affected":"<","version_name":"7.3.x","version_value":"7.3.13"},{"platform":"Windows","version_affected":"<","version_name":"7.4.x","version_value":"7.4.1"}]}}]},"vendor_name":"PHP Group"}]}},"credit":[{"lang":"eng","value":"Submitted by ryat at php.net"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-170 Improper Null Termination"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://bugs.php.net/bug.php?id=78862","name":"https://bugs.php.net/bug.php?id=78862"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20200103-0002/","url":"https://security.netapp.com/advisory/ntap-20200103-0002/"},{"refsource":"FEDORA","name":"FEDORA-2019-437d94e271","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"},{"refsource":"FEDORA","name":"FEDORA-2019-a54a622670","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"},{"refsource":"CONFIRM","name":"https://www.tenable.com/security/tns-2021-14","url":"https://www.tenable.com/security/tns-2021-14"}]},"source":{"defect":["https://bugs.php.net/bug.php?id=78862"],"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2019-12-23 03:15:00","lastModifiedDate":"2023-11-07 03:02:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:7.4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndIncluding":"7.3.13","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.26","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:*","versionEndExcluding":"5.19.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"11044","Ordinal":"149325","Title":"CVE-2019-11044","CVE":"CVE-2019-11044","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"11044","Ordinal":"1","NoteData":"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"11044","Ordinal":"2","NoteData":"2019-12-22","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"11044","Ordinal":"3","NoteData":"2021-07-22","Type":"Other","Title":"Modified"}]}}}