CVE-2019-11043

Updated: 2024-11-24 03:58:34.727378

Description:

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.5
CVSS Version 3.x CRITICAL 9.8

Known exploits

Added Date Description Due Date Notes
2022-03-25 In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution. 2022-04-15 https://nvd.nist.gov/vuln/detail/CVE-2019-11043

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU php 8.0.30 9.8 CRITICAL Already Fixed 2025-01-10 22:39:49
CentOS 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-07-18 11:44:34
CentOS 7 ELS php 5.4.16 9.8 CRITICAL Already Fixed 2024-01-22 08:40:42
CentOS 8.4 ELS php 7.4.6 9.8 CRITICAL Not Vulnerable 2022-07-18 11:44:34
CentOS 8.5 ELS php 7.4.19 9.8 CRITICAL Not Vulnerable 2022-07-18 11:44:34
CentOS Stream 8 ELS php 7.2.24 9.8 CRITICAL Already Fixed 2024-05-15 10:22:51
CloudLinux 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-07-18 11:44:34
CloudLinux 7 ELS php 5.4.16 9.8 CRITICAL Already Fixed 2024-07-23 11:58:28
Oracle Linux 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-07-18 11:44:34
Oracle Linux 7 ELS php 5.4.16 9.8 CRITICAL Already Fixed 2024-12-04 12:04:51
Total: 12