CVE-2019-11046
Buffer underflow in bc_shift_addsub
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
En PHP versiones 7.2.x por debajo de 7.2.26, versiones 7.3.x por debajo de 7.3.13 y 7.4.0, las funciones de extensión bcmath de PHP en algunos sistemas, incluyendo Windows, pueden ser engañadas para que lean más allá del espacio asignado al suministrarle cadenas que contengan caracteres que el sistema operativo identifica como numéricos pero no son números ASCII. Esto puede ser leído para revelar el contenido de algunas ubicaciones de memoria.
It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-04-09 CVE Reserved
- 2019-12-23 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html | Mailing List |
|
| https://seclists.org/bugtraq/2020/Feb/27 | Mailing List |
|
| https://seclists.org/bugtraq/2020/Feb/31 | Mailing List |
|
| https://seclists.org/bugtraq/2021/Jan/3 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20200103-0002 | Third Party Advisory |
|
| https://support.f5.com/csp/article/K48866433?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm | |
| https://www.tenable.com/security/tns-2021-14 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=78878 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.2.0 <= 7.2.26 Search vendor "Php" for product "Php" and version " >= 7.2.0 <= 7.2.26" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.3.0 <= 7.3.13 Search vendor "Php" for product "Php" and version " >= 7.3.0 <= 7.3.13" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.4.0 Search vendor "Php" for product "Php" and version "7.4.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Tenable Search vendor "Tenable" | Securitycenter Search vendor "Tenable" for product "Securitycenter" | < 5.19.0 Search vendor "Tenable" for product "Securitycenter" and version " < 5.19.0" | - |
Affected
| ||||||