[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-11046Date: (C)2019-12-23   (M)2024-04-26


In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
https://seclists.org/bugtraq/2020/Feb/27
https://seclists.org/bugtraq/2020/Feb/31
https://seclists.org/bugtraq/2021/Jan/3
DSA-4626
DSA-4628
FEDORA-2019-437d94e271
FEDORA-2019-a54a622670
USN-4239-1
https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html
https://bugs.php.net/bug.php?id=78878
https://security.netapp.com/advisory/ntap-20200103-0002/
https://support.f5.com/csp/article/K48866433?utm_source=f5support&%3Butm_medium=RSS
https://www.tenable.com/security/tns-2021-14
openSUSE-SU-2020:0080

CPE    4
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/a:php:php
...
CWE    1
CWE-125
OVAL    12
oval:org.secpod.oval:def:705333
oval:org.secpod.oval:def:1601096
oval:org.secpod.oval:def:604754
oval:org.secpod.oval:def:69805
...

© SecPod Technologies