CVE-2019-11043

EUVD-2019-2751
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
phpCNA
8.7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
phpphp
7.1.0 ≤
𝑥
< 7.1.33
phpphp
7.2.0 ≤
𝑥
< 7.2.24
phpphp
7.3.0 ≤
𝑥
< 7.3.11
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.04
canonicalubuntu_linux
19.10
debiandebian_linux
9.0
debiandebian_linux
10.0
tenabletenable.sc
𝑥
< 5.19.0
redhatsoftware_collections
1.0
redhatenterprise_linux
8.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_eus
7.7
redhatenterprise_linux_eus
8.1
redhatenterprise_linux_eus
8.2
redhatenterprise_linux_eus
8.4
redhatenterprise_linux_eus
8.6
redhatenterprise_linux_eus
8.8
redhatenterprise_linux_eus_compute_node
7.7
redhatenterprise_linux_for_arm_64
8.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.1_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.2_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.4_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.6_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.8_aarch64:_aarch64
redhatenterprise_linux_for_ibm_z_systems
6.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems
7.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems
8.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
7.7_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.1_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.2_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.4_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.6_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.8_s390x:_s390x
redhatenterprise_linux_for_power_big_endian
6.0_ppc64:_ppc64
redhatenterprise_linux_for_power_big_endian
7.0_ppc64:_ppc64
redhatenterprise_linux_for_power_big_endian_eus
7.7_ppc64:_ppc64
redhatenterprise_linux_for_power_little_endian
7.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian
8.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
7.7_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.1_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.2_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.4_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.6_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.8_ppc64le:_ppc64le
redhatenterprise_linux_for_scientific_computing
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.7
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
redhatenterprise_linux_server_aus
8.6
redhatenterprise_linux_server_tus
7.7
redhatenterprise_linux_server_tus
8.2
redhatenterprise_linux_server_tus
8.4
redhatenterprise_linux_server_tus
8.6
redhatenterprise_linux_server_tus
8.8
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
bionic
dne
disco
dne
eoan
dne
trusty
Fixed 5.5.9+dfsg-1ubuntu4.29+esm6
released
xenial
dne
php7.0
bionic
dne
disco
dne
eoan
dne
trusty
dne
xenial
Fixed 7.0.33-0ubuntu0.16.04.7
released
php7.2
bionic
Fixed 7.2.24-0ubuntu0.18.04.1
released
disco
Fixed 7.2.24-0ubuntu0.19.04.1
released
eoan
dne
trusty
dne
xenial
dne
php7.3
bionic
dne
disco
dne
eoan
Fixed 7.3.11-0ubuntu0.19.10.1
released
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2020/Jan/40
https://access.redhat.com/errata/RHSA-2019:3286
https://access.redhat.com/errata/RHSA-2019:3287
https://access.redhat.com/errata/RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3724
https://access.redhat.com/errata/RHSA-2019:3735
https://access.redhat.com/errata/RHSA-2019:3736
https://access.redhat.com/errata/RHSA-2020:0322
https://bugs.php.net/bug.php?id=78599
https://github.com/neex/phuip-fpizdam
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
https://seclists.org/bugtraq/2020/Jan/44
https://security.netapp.com/advisory/ntap-20191031-0003/
https://support.apple.com/kb/HT210919
https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4166-1/
https://usn.ubuntu.com/4166-2/
https://www.debian.org/security/2019/dsa-4552
https://www.debian.org/security/2019/dsa-4553
https://www.synology.com/security/advisory/Synology_SA_19_36
https://www.tenable.com/security/tns-2021-14
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2020/Jan/40
https://access.redhat.com/errata/RHSA-2019:3286
https://access.redhat.com/errata/RHSA-2019:3287
https://access.redhat.com/errata/RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3724
https://access.redhat.com/errata/RHSA-2019:3735
https://access.redhat.com/errata/RHSA-2019:3736
https://access.redhat.com/errata/RHSA-2020:0322
https://bugs.php.net/bug.php?id=78599
https://github.com/neex/phuip-fpizdam
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
https://seclists.org/bugtraq/2020/Jan/44
https://security.netapp.com/advisory/ntap-20191031-0003/
https://support.apple.com/kb/HT210919
https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4166-1/
https://usn.ubuntu.com/4166-2/
https://www.debian.org/security/2019/dsa-4552
https://www.debian.org/security/2019/dsa-4553
https://www.synology.com/security/advisory/Synology_SA_19_36
https://www.tenable.com/security/tns-2021-14
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11043