Vulnerability Database

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11, in certain configurations of FPM setup, it is possible to cause the FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

  • Published: Oct 28, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-11043
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

| Software | From | Fixed in |
|---|---|---|
| php / php | 7.1.0 | 7.1.33 |
| php / php | 7.2.0 | 7.2.24 |
| php / php | 7.3.0 | 7.3.11 |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 19.04 | 19.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 19.10 | 19.10.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| fedoraproject / fedora | 29 | 29.x |
| fedoraproject / fedora | 30 | 30.x |
| fedoraproject / fedora | 31 | 31.x |
| tenable / tenable.sc | - | 5.19.0 |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_for_scientific_computing | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / software_collections | 1.0 | 1.0.x |
| redhat / enterprise_linux_desktop | 6.0 | 6.0.x |
| redhat / enterprise_linux_server | 6.0 | 6.0.x |
| redhat / enterprise_linux_workstation | 6.0 | 6.0.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux_server_aus | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_tus | 7.7 | 7.7.x |
| redhat / enterprise_linux_eus | 7.7 | 7.7.x |
| redhat / enterprise_linux_eus | 8.1 | 8.1.x |
| redhat / enterprise_linux_eus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_tus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_aus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_tus | 8.4 | 8.4.x |
| redhat / enterprise_linux_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_aus | 8.4 | 8.4.x |
| redhat / enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 | 7.7_ppc64.x |
| redhat / enterprise_linux_server_aus | 8.6 | 8.6.x |
| redhat / enterprise_linux_server_tus | 8.6 | 8.6.x |
| redhat / enterprise_linux_eus | 8.6 | 8.6.x |
| redhat / enterprise_linux_server_tus | 8.8 | 8.8.x |
| redhat / enterprise_linux_eus | 8.8 | 8.8.x |
| redhat / enterprise_linux_for_power_little_endian | 8.0_ppc64le | 8.0_ppc64le.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.8_ppc64le | 8.8_ppc64le.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.8_s390x | 8.8_s390x.x |
| redhat / enterprise_linux_for_ibm_z_systems | 8.0_s390x | 8.0_s390x.x |
| redhat / enterprise_linux_for_arm_64_eus | 8.6_aarch64 | 8.6_aarch64.x |
| redhat / enterprise_linux_for_arm_64_eus | 8.8_aarch64 | 8.8_aarch64.x |
| redhat / enterprise_linux_for_arm_64 | 8.0_aarch64 | 8.0_aarch64.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.6_s390x | 8.6_s390x.x |
| redhat / enterprise_linux_for_power_little_endian | 7.0_ppc64le | 7.0_ppc64le.x |
| redhat / enterprise_linux_for_power_big_endian | 7.0_ppc64 | 7.0_ppc64.x |
| redhat / enterprise_linux_for_ibm_z_systems | 7.0_s390x | 7.0_s390x.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.6_ppc64le | 8.6_ppc64le.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.4_ppc64le | 8.4_ppc64le.x |
| redhat / enterprise_linux_eus_compute_node | 7.7 | 7.7.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 7.7_ppc64le | 7.7_ppc64le.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 7.7_s390x | 7.7_s390x.x |
| redhat / enterprise_linux_for_power_big_endian | 6.0_ppc64 | 6.0_ppc64.x |
| redhat / enterprise_linux_for_ibm_z_systems | 6.0_s390x | 6.0_s390x.x |
| redhat / enterprise_linux_for_arm_64_eus | 8.4_aarch64 | 8.4_aarch64.x |
| redhat / enterprise_linux_for_arm_64_eus | 8.2_aarch64 | 8.2_aarch64.x |
| redhat / enterprise_linux_for_arm_64_eus | 8.1_aarch64 | 8.1_aarch64.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.2_ppc64le | 8.2_ppc64le.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.1_ppc64le | 8.1_ppc64le.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.4_s390x | 8.4_s390x.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.2_s390x | 8.2_s390x.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.1_s390x | 8.1_s390x.x |