php: underflow in env_path_info in fpm_main.c

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...

Mozilla Firefox ESR < 31.5 Multiple Vulnerabilities

Binary data 701251.prm...

jsc: Stack-buffer-underflow in JSC::Register::pointer

Detailed Report: https://oss-fuzz.com/testcase?key=5763160024023040 Project: jsc Fuzzer: jsfuzzer Job Type: asanjsc Platform Id: linux Crash Type: Stack-buffer-underflow READ 8 Crash Address: 0x7ffcb1a355c8 Crash State: JSC::Register::pointer JSC::CallFrame::callee...

PHP Bug Allows Remote Code-Execution on NGINX Servers

A buffer underflow bug in PHP could allow remote code-execution RCE on targeted NGINX servers. First discovered during a hCorem Capture the Flag competition in September, the bug CVE-2019-11043 exists in the FastCGI directive used in some PHP implementations on NGINX servers, according to...

CVE-2019-11043 Underflow in PHP-FPM can lead to RCE

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...

Debian DLA-1970-1 : php5 security update

Emil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a Fast Process Manager for the PHP language, which can lead to remote code execution. Instances are vulnerable depending on the web server configuration, in particular PATHINFO handling. For a full list of preconditions, check:...

[SECURITY] [DLA 1970-1] php5 security update

Package : php5 Version : 5.6.40+dfsg-0+deb8u7 CVE ID : CVE-2019-11043 Emil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a Fast Process Manager for the PHP language, which can lead to remote code execution. Instances are vulnerable depending on the web server configuration, in...

[ASA-201910-14] php: arbitrary code execution

Arch Linux Security Advisory ASA-201910-14 ========================================== Severity: Critical Date : 2019-10-25 CVE-ID : CVE-2019-11043 Package : php Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1052 Summary ======= The package php before versi...

Internet Bug Bounty: CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm

The vulnerability exists in php-fpm because of missing bounds check in fpmmain.c. If the FastCGI variable PATHINFO is empty, the underflow happens when the code tries to calculate the value of the pathinfo variable. An invalid pointer in pathinfo leads to a single byte out-of-bounds write, which...

CVE-2017-0898

A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter...

CVE-2009-1959

Off-by-one error in the eventwallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service crash via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow...

Xpdf CVE-2019-16115 Buffer Underflow Vulnerability

Description Xpdf is prone to a buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this ha...

emacs, mercurial security update

CentOS Errata and Security Advisory CESA-2019:2276 An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

CentOS 7 : mercurial (CESA-2019:2276)

An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Scientific Linux Security Update : mercurial on SL7.x x86_64 (20190806)

Security Fixes : - mercurial: Buffer underflow in mpatch.c:mpatchapply CVE-2018-13347 - mercurial: HTTP server permissions bypass CVE-2018-1000132 - mercurial: Missing check for fragment start position in mpatch.c:mpatchapply CVE-2018-13346 C Tenable Network Security, Inc. The descriptive text is...

RHEL 7 : mercurial (RHSA-2019:2276)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2276 advisory. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Securi...

mercurial: Buffer underflow in mpatch.c:mpatch_apply()

mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002...

Moderate: Red Hat Security Advisory: mercurial security update

An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVE-2019-2238

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial...

CVE-2019-2238

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial...