In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: php
Published: 2019-10-28T14:19:04.252868Z
Updated: 2024-09-16T23:31:14.209Z
Reserved: 2019-04-09T00:00:00
Link: CVE-2019-11043
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-10-28T15:15:13.863
Modified: 2024-11-21T04:20:26.040
Link: CVE-2019-11043
Redhat