CVE-2019-11043

Source
https://cve.org/CVERecord?id=CVE-2019-11043
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11043.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-11043
Published
2019-10-28T15:15:13.863Z
Modified
2026-02-02T21:34:35.463599Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11, in certain configurations of the FPM setup, it is possible to cause the FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Affected packages

Git / github.com/php/php-src

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11043.json"