CVE-2019-11049
mail() may release string with refcount==1 twice
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
En PHP versiones 7.3.x por debajo de 7.3.13 y 7.4.0 en Windows, al suministrar encabezados personalizados para la función mail(), debido a un error introducido en el commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, si el encabezado se suministra en minúsculas, esto puede resultar en una doble liberación de ciertas ubicaciones de memoria.
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-04-09 CVE Reserved
- 2019-12-23 CVE Published
- 2024-09-16 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-415: Double Free
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://seclists.org/bugtraq/2020/Feb/27 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20200103-0002 | Third Party Advisory |
|
| https://www.tenable.com/security/tns-2021-14 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=78943 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.3.0 <= 7.3.13 Search vendor "Php" for product "Php" and version " >= 7.3.0 <= 7.3.13" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.4.0 Search vendor "Php" for product "Php" and version "7.4.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Tenable Search vendor "Tenable" | Securitycenter Search vendor "Tenable" for product "Securitycenter" | < 5.19.0 Search vendor "Tenable" for product "Securitycenter" and version " < 5.19.0" | - |
Affected
| ||||||