CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

CVSS v3 8.7 HIGH
CVSS v2.0 7.5 HIGH

8.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Jan/40	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3286	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3287	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3299	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3300	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3724	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3735	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3736	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0322	Third Party Advisory
https://bugs.php.net/bug.php?id=78599	Exploit Issue Tracking Patch Vendor Advisory
https://github.com/neex/phuip-fpizdam	Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2020/Jan/44	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0003/	Third Party Advisory
https://support.apple.com/kb/HT210919	Third Party Advisory
https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS	Third Party Advisory
https://usn.ubuntu.com/4166-1/	Third Party Advisory
https://usn.ubuntu.com/4166-2/	Third Party Advisory
https://www.debian.org/security/2019/dsa-4552	Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4553	Mailing List Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_36	Third Party Advisory
https://www.tenable.com/security/tns-2021-14	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Jan/40	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3286	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3287	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3299	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3300	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3724	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3735	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3736	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0322	Third Party Advisory
https://bugs.php.net/bug.php?id=78599	Exploit Issue Tracking Patch Vendor Advisory
https://github.com/neex/phuip-fpizdam	Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2020/Jan/44	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0003/	Third Party Advisory
https://support.apple.com/kb/HT210919	Third Party Advisory
https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS	Third Party Advisory
https://usn.ubuntu.com/4166-1/	Third Party Advisory
https://usn.ubuntu.com/4166-2/	Third Party Advisory
https://www.debian.org/security/2019/dsa-4552	Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4553	Mailing List Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_36	Third Party Advisory
https://www.tenable.com/security/tns-2021-14	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:31:::::::*

Configuration 5 (hide)

cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*

Configuration 6 (hide)

OR	cpe:2.3:a:redhat:software_collections:1.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

21 Nov 2024, 04:20

16 Jul 2024, 17:52

07 Nov 2023, 03:02

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/', 'name': 'FEDORA-2019-187ae3128d', 'tags': [], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/', 'name': 'FEDORA-2019-7bb07c3b02', 'tags': [], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/', 'name': 'FEDORA-2019-4adc49a476', 'tags': [], 'refsource': 'FEDORA'} {'url': 'https://support.f5.com/csp/article/K75408500?utm_source=f5support&utm_medium=RSS', 'name': 'https://support.f5.com/csp/article/K75408500?utm_source=f5support&utm_medium=RSS', 'tags': [], 'refsource': 'CONFIRM'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/ - () https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS -

Information

Published : 2019-10-28 15:15

Updated : 2025-02-14 16:43

NVD link : CVE-2019-11043

Mitre link : CVE-2019-11043

CVE.ORG link : CVE-2019-11043

JSON object : View

Products Affected

debian

debian_linux

redhat

enterprise_linux_for_power_little_endian_eus
enterprise_linux
enterprise_linux_server_tus
enterprise_linux_for_power_big_endian
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_for_scientific_computing
enterprise_linux_server_aus
software_collections
enterprise_linux_desktop
enterprise_linux_eus
enterprise_linux_for_power_big_endian_eus
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_power_little_endian
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_eus_compute_node
enterprise_linux_for_arm_64
enterprise_linux_for_arm_64_eus

tenable

tenable.sc

canonical

ubuntu_linux

fedoraproject

fedora

php

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-787

Out-of-bounds Write

8.7 /10