CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.4.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:*

History

20 Dec 2022, 21:48

Type Values Removed Values Added
References
  • (CONFIRM) https://www.tenable.com/security/tns-2021-14 - Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2020/Feb/27 - (BUGTRAQ) https://seclists.org/bugtraq/2020/Feb/27 - Mailing List, Third Party Advisory
References (CONFIRM) https://support.f5.com/csp/article/K48866433?utm_source=f5support&utm_medium=RSS - (CONFIRM) https://support.f5.com/csp/article/K48866433?utm_source=f5support&utm_medium=RSS - Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2021/Jan/3 - (BUGTRAQ) https://seclists.org/bugtraq/2021/Jan/3 - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html - Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4626 - (DEBIAN) https://www.debian.org/security/2020/dsa-4626 - Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2020/Feb/31 - (BUGTRAQ) https://seclists.org/bugtraq/2020/Feb/31 - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/ - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4239-1/ - (UBUNTU) https://usn.ubuntu.com/4239-1/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4628 - (DEBIAN) https://www.debian.org/security/2020/dsa-4628 - Third Party Advisory
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 5.3
CPE cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Information

Published : 2019-12-23 03:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-11046

Mitre link : CVE-2019-11046

CVE.ORG link : CVE-2019-11046


JSON object : View

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

php

  • php

opensuse

  • leap

tenable

  • securitycenter

fedoraproject

  • fedora
CWE
CWE-125

Out-of-bounds Read