CVE-2019-11049
Advisory lineage Upstream: 0 Downstream: 1
Downstream
Modified
Published: 23 Dec 2019, 02:40
Last modified:16 Sept 2024, 20:47
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
v3.1 (nvd)
EPSS Score
2.8% LOW
3% probability +0.07%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 Dec 2019, 02:40
Published
Vulnerability first disclosed
16 Sept 2024, 20:47
Last Modified
Vulnerability information updated
Description
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 2.80%• Percentile: 86%
Techniques & Countermeasures
- CWE-415•Double Free
The product calls free() twice on the same memory address.
Affected Systems
- debian•debian_linux
10.0
- fedoraproject•fedora
30 | 31
- Unknown•PHP
≥ 7.3.x, < 7.3.13 | ≥ 7.4.x, < 7.4.1
- Unknown•PHP
≥ 7.3.0, ≤ 7.3.13 | 7.4.0
- tenable•securitycenter
< 5.19.0
References (7)
- https://bugs.php.net/bug.php?id=78943
- https://security.netapp.com/advisory/ntap-20200103-0002/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/
- https://seclists.org/bugtraq/2020/Feb/27
- https://www.debian.org/security/2020/dsa-4626
- https://www.tenable.com/security/tns-2021-14