QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-11046

Back to search

CVE-2019-11046

Published: Dec 23, 2019

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.1

3.7

LOW

Description

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

VendorProductVersions

PHP Group

PHP

affected
7.2.x - < 7.2.26
affected
7.3.x - < 7.3.13
affected
7.4.x - < 7.4.1

Weaknesses (CWE)

CWE-125

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

FEDORA-2019-437d94e271
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-a54a622670
vendor-advisory
x_refsource_FEDORA
USN-4239-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2020:0080
vendor-advisory
x_refsource_SUSE
DSA-4626
vendor-advisory
x_refsource_DEBIAN
DSA-4628
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now