Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-111239
HistoryDec 18, 2019 - 12:00 a.m.

PHP CVE-2019-11047 Heap Buffer Overflow Vulnerability

2019-12-1800:00:00
Symantec Security Response
www.symantec.com
55
JSON

Description

PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP 7.2.x versions prior to 7.2.26, 7.3.x versions prior to 7.3.13 and version 7.4.0 are vulnerable.

Technologies Affected

  • PHP PHP 7.2.0
  • PHP PHP 7.2.1
  • PHP PHP 7.2.12
  • PHP PHP 7.2.13
  • PHP PHP 7.2.14
  • PHP PHP 7.2.16
  • PHP PHP 7.2.17
  • PHP PHP 7.2.18
  • PHP PHP 7.2.19
  • PHP PHP 7.2.2
  • PHP PHP 7.2.25
  • PHP PHP 7.2.3
  • PHP PHP 7.2.4
  • PHP PHP 7.2.5
  • PHP PHP 7.2.6
  • PHP PHP 7.2.7
  • PHP PHP 7.2.8
  • PHP PHP 7.3.0
  • PHP PHP 7.3.1
  • PHP PHP 7.3.10
  • PHP PHP 7.3.11
  • PHP PHP 7.3.12
  • PHP PHP 7.3.2
  • PHP PHP 7.3.3
  • PHP PHP 7.3.4
  • PHP PHP 7.3.5
  • PHP PHP 7.3.6
  • PHP PHP 7.3.7
  • PHP PHP 7.3.8
  • PHP PHP 7.3.9
  • PHP PHP 7.4.0

Recommendations

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.

Do not accept or execute files from untrusted or unknown sources.
To limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.

Implement multiple redundant layers of security.
As an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality.

Updates are available. Please see the references or vendor advisory for more information.

Related

cve 1
osv 6
prion 1
ubuntucve 1
redhatcve 1
alpinelinux 1
veracode 1
debiancve 1
f5 1
openvas 16
nessus 39
suse 1
altlinux 4
debian 3
ubuntu 1
mageia 1
fedora 2
amazon 3
redhat 2
oraclelinux 1
rocky 1
almalinux 1
cve
cve
CVE-2019-11047
2019-12-23 03:15:00
osv
osv
CVE-2019-11047
2019-12-23 03:15:11
php5 - security update
2019-12-29 00:00:00
php7.3 - security update
2020-02-17 00:00:00
prion
prion
Information disclosure
2019-12-23 03:15:00
ubuntucve
ubuntucve
CVE-2019-11047
2019-12-23 00:00:00
redhatcve
redhatcve
CVE-2019-11047
2019-12-26 10:17:06
alpinelinux
alpinelinux
CVE-2019-11047
2019-12-23 03:15:00
veracode
veracode
Information Disclosure
2020-12-02 09:50:07
debiancve
debiancve
CVE-2019-11047
2019-12-23 03:15:00
f5
f5
K50301222 : PHP EXIF extension vulnerabilities CVE-2019-11047 and CVE-2019-11050
2020-01-22 00:00:00
openvas
openvas
Debian LTS: Security Advisory for php5 (DLA-2050-1)
2019-12-30 00:00:00
PHP < 7.2.26 Multiple Vulnerabilities - Dec19 (Linux)
2019-12-19 00:00:00
Ubuntu Update for php7.3 USN-4239-1
2020-01-16 00:00:00
nessus
nessus
Debian DLA-2050-1 : php5 security update
2019-12-30 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-4239-1)
2020-01-16 00:00:00
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0267-1)
2020-01-31 00:00:00
suse
suse
Security update for php7 (moderate)
2020-01-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package php7 version 7.2.26-alt1
2019-12-20 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.3.13-alt1
2019-12-20 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 7.3.13-alt1
2019-12-20 00:00:00
debian
debian
[SECURITY] [DLA 2050-1] php5 security update
2019-12-29 22:47:12
[SECURITY] [DSA 4628-1] php7.0 security update
2020-02-18 22:00:11
[SECURITY] [DSA 4626-1] php7.3 security update
2020-02-17 20:39:09
ubuntu
ubuntu
PHP vulnerabilities
2020-01-15 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2019-12-25 22:08:41
fedora
fedora
[SECURITY] Fedora 30 Update: php-7.3.13-1.fc30
2020-01-03 20:36:41
[SECURITY] Fedora 31 Update: php-7.3.13-1.fc31
2020-01-05 00:42:40
amazon
amazon
Medium: php72, php73
2020-02-04 22:42:00
Important: php73
2024-02-01 19:33:00
Important: php72
2024-02-14 20:03:00
redhat
redhat
(RHSA-2020:5275) Moderate: rh-php73-php security, bug fix, and enhancement update
2020-12-01 11:15:07
(RHSA-2020:3662) Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
oraclelinux
oraclelinux
php:7.3 security, bug fix, and enhancement update
2020-09-09 00:00:00
rocky
rocky
php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
almalinux
almalinux
Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
JSON
Related for SMNTC-111239
cve1osv6prion1ubuntucve1redhatcve1alpinelinux1veracode1debiancve1f51openvas16nessus39suse1altlinux4debian3ubuntu1mageia1fedora2amazon3redhat2oraclelinux1rocky1almalinux1