Vulnerability Details : CVE-2019-11049
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-11049
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11049
0.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11049
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
2.2
|
4.2
|
PHP Group |
CWE ids for CVE-2019-11049
-
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.Assigned by:
- nvd@nist.gov (Primary)
- security@php.net (Secondary)
References for CVE-2019-11049
-
https://www.tenable.com/security/tns-2021-14
[R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | TenableĀ®Third Party Advisory
-
https://seclists.org/bugtraq/2020/Feb/27
Bugtraq: [SECURITY] [DSA 4626-1] php7.3 security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4626
Debian -- Security Information -- DSA-4626-1 php7.3Third Party Advisory
-
https://bugs.php.net/bug.php?id=78943
PHP :: Sec Bug #78943 :: mail() may release string with refcount==1 twiceMailing List;Patch;Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/
[SECURITY] Fedora 31 Update: php-7.3.13-1.fc31 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20200103-0002/
December 2019 PHP Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
[SECURITY] Fedora 30 Update: php-7.3.13-1.fc30 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
Jump to