Lucene search

K

[email protected]NVD:CVE-2019-11042

HistoryAug 09, 2019 - 8:15 p.m.

CVE-2019-11042

2019-08-0920:15:11

CWE-125

[email protected]

web.nvd.nist.gov

7

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

68.4%

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Affected configurations

Nvd

Node

phpphpRange7.1.0–7.1.31

OR

phpphpRange7.2.0–7.2.21

OR

phpphpRange7.3.0–7.3.8

Node

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

OR

debiandebian_linuxMatch10.0

Node

canonicalubuntu_linuxMatch12.04esm

OR

canonicalubuntu_linuxMatch14.04esm

OR

canonicalubuntu_linuxMatch16.04lts

OR

canonicalubuntu_linuxMatch18.04lts

OR

canonicalubuntu_linuxMatch19.04

Node

applemac_os_xRange<10.15.1

Node

opensuseleapMatch15.0

Node

redhatsoftware_collectionsMatch1.0

Node

tenabletenable.scRange<5.19.0

References

lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html

seclists.org/fulldisclosure/2019/Oct/15

seclists.org/fulldisclosure/2019/Oct/55

access.redhat.com/errata/RHSA-2019:3299

bugs.php.net/bug.php?id=78256

lists.debian.org/debian-lts-announce/2019/08/msg00010.html

seclists.org/bugtraq/2019/Oct/9

seclists.org/bugtraq/2019/Sep/35

seclists.org/bugtraq/2019/Sep/38

security.netapp.com/advisory/ntap-20190822-0003/

support.apple.com/kb/HT210634

support.apple.com/kb/HT210722

usn.ubuntu.com/4097-1/

usn.ubuntu.com/4097-2/

www.debian.org/security/2019/dsa-4527

www.debian.org/security/2019/dsa-4529

www.tenable.com/security/tns-2021-14

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

68.4%

Related for NVD:CVE-2019-11042

alpinelinux1 cvelist1 hackerone1 cve1 prion1 debiancve1 redhatcve1 symantec1 ubuntucve1 osv8 nessus48 ubuntu2 altlinux4 openvas24 amazon2 mageia1 suse1 debian3 threatpost1 almalinux2 redhat3 oraclelinux2 rocky2 ibm1 apple4