Your submission was sent successfully! Close

CVE-2019-11048

Published: 20 May 2020

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Does not exist

focal Does not exist

precise
Released (5.3.10-1ubuntu3.47)
trusty
Released (5.5.9+dfsg-1ubuntu4.29+esm12)
upstream Needs triage

xenial Does not exist

Patches:
upstream: https://github.com/microsoft/php-src/commit/a41cbed4532cc4d3d2fd1a8fa1a4ace5bdfcafc9#diff-eb2caada78cc7ed9dbeabe07d25eecf4






php7.0
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Does not exist

focal Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (7.0.33-0ubuntu0.16.04.15)
php7.2
Launchpad, Ubuntu, Debian
bionic
Released (7.2.24-0ubuntu0.18.04.6)
eoan Does not exist

focal Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (7.2.31)
xenial Does not exist

Patches:

upstream: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87





php7.3
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan
Released (7.3.11-0ubuntu0.19.10.6)
focal Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (7.3.18)
xenial Does not exist

Patches:


upstream: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
upstream: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266



php7.4
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Does not exist

focal
Released (7.4.3-4ubuntu2.2)
precise Does not exist

trusty Does not exist

upstream
Released (7.4.6)
xenial Does not exist

Patches:




upstream: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
upstream: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
upstream: https://github.com/php/php-src/commit/a3924ab6542a358a3099de992b63b932a9570add