GSD-2019-11043
PUBLISHED
CVSS 8.7 HIGH
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11, in certain configurations of the FPM setup, it is possible to cause the FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Risk Scores
CVSS v3.1
8.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PHP | PHP | 7.1.x, 7.3.x, * |
Timeline
- Apr 18, 2017 CVE Published
- Oct 28, 2019 PoC Published
- Mar 5, 2020 PoC Published
- Mar 9, 2020 PoC Published
- Oct 9, 2020 PoC Published
- Jun 14, 2023 PoC Published
- Oct 21, 2023 PoC Published
- Dec 24, 2024 PoC Published
- Feb 6, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Jan 27, 2026 PoC Published
References
- https://github.com/neex/phuip-fpizdam url
- https://bugs.php.net/bug.php?id=78599 url
- https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS url
- https://www.synology.com/security/advisory/Synology_SA_19_36 url
- FEDORA-2019-4adc49a476 vendor-advisory
- https://security.netapp.com/advisory/ntap-20191031-0003/ url
- FEDORA-2019-187ae3128d vendor-advisory
- FEDORA-2019-7bb07c3b02 vendor-advisory
- openSUSE-SU-2019:2441 vendor-advisory
- openSUSE-SU-2019:2457 vendor-advisory
- 20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra mailing-list
- 20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra mailing-list
- https://www.tenable.com/security/tns-2021-14 url
- USN-4166-1 advisory
- DSA-4552 advisory
- DSA-4553 advisory
- USN-4166-2 advisory
- RHSA-2019:3736 advisory
- RHSA-2019:3286 advisory
- RHSA-2019:3299 advisory
…and 8 more