Remote Code Execution (RCE)

php is vulnerable to remote code execution. The FPM module write past allocated buffers and into space reserved for the FCGI protocol data. This can potentailly be exploited to execute arbitrary code on the system...

Critical: php71, php72, php73, php56

Issue Overview: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...