Wind River Support Network

HomeDefectsLIN8-11696
Fixed

LIN8-11696 : Security Advisory - php - CVE-2019-11043

Created: Oct 31, 2019    Updated: Apr 21, 2022
Resolved Date: Nov 6, 2019
Found In Version: 8.0.0.1
Fix Version: 8.0.0.31
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

CREATE(Triage):(User=admin) CVE-2019-11043 (https://nvd.nist.gov/vuln/detail/CVE-2019-11043)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube