CVE-2019-11043 Information
Share on:Description
In PHP versions 7.1.x below 7.1.33 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data thus opening the possibility of remote code execution.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2020/Jan/40 https://access.redhat.com/errata/RHSA-2019:3286 https://access.redhat.com/errata/RHSA-2019:3287 https://access.redhat.com/errata/RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3300 https://access.redhat.com/errata/RHSA-2019:3724 https://access.redhat.com/errata/RHSA-2019:3735 https://access.redhat.com/errata/RHSA-2019:3736 https://access.redhat.com/errata/RHSA-2020:0322 https://bugs.php.net/bug.php?id=78599 https://github.com/neex/phuip-fpizdam https://lists.fedoraproject.org/archives/list/[email protected]/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/ https://lists.fedoraproject.org/archives/list/[email protected]/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/ https://lists.fedoraproject.org/archives/list/[email protected]/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/ https://seclists.org/bugtraq/2020/Jan/44 https://security.netapp.com/advisory/ntap-20191031-0003/ https://support.apple.com/kb/HT210919 https://support.f5.com/csp/article/K75408500?utm_source=f5support&utm_medium=RSS https://usn.ubuntu.com/4166-1/ https://usn.ubuntu.com/4166-2/ https://www.debian.org/security/2019/dsa-4552 https://www.debian.org/security/2019/dsa-4553 https://www.synology.com/security/advisory/Synology_SA_19_36
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8