CVE-2019-11049 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
php	CNA	6.5 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Affected Products (NVD)

Vendor	Product	Version
php	php	7.3.0 ≤ 𝑥 ≤ 7.3.13
php	php	7.4.0
debian	debian_linux	10.0
tenable	securitycenter	𝑥 < 5.19.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php5

bionic	dne
disco	dne
eoan	dne
trusty	not-affected
xenial	dne

php7.0

bionic	dne
disco	dne
eoan	dne
trusty	dne
xenial	not-affected

php7.2

bionic	not-affected
disco	not-affected
eoan	dne
trusty	dne
xenial	dne

php7.3

bionic	dne
disco	dne
eoan	not-affected
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References

https://bugs.php.net/bug.php?id=78943

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/

https://seclists.org/bugtraq/2020/Feb/27

https://security.netapp.com/advisory/ntap-20200103-0002/

https://www.debian.org/security/2020/dsa-4626

https://www.tenable.com/security/tns-2021-14

https://bugs.php.net/bug.php?id=78943

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/

https://seclists.org/bugtraq/2020/Feb/27

https://security.netapp.com/advisory/ntap-20200103-0002/

https://www.debian.org/security/2020/dsa-4626

https://www.tenable.com/security/tns-2021-14