PublicDateAtUSN: 2019-12-23 03:15:00 UTC
Candidate: CVE-2019-11046
PublicDate: 2019-12-23 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046
 http://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
 https://ubuntu.com/security/notices/USN-4239-1
Description:
 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP
 bcmath extension functions on some systems, including Windows, can be
 tricked into reading beyond the allocated space by supplying them with a
 string containing characters that are identified as numeric by the OS but
 aren't ASCII numbers. This can lead to disclosure of the content of some
 memory locations.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.php.net/78878
Priority: low
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_php5:
upstream_php5: needs-triage
precise/esm_php5: released (5.3.10-1ubuntu3.42)
trusty_php5: ignored (out of standard support)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.29+esm8)
xenial_php5: DNE
bionic_php5: DNE
disco_php5: DNE
eoan_php5: DNE
devel_php5: DNE

Patches_php7.0:
upstream_php7.0: needs-triage
precise/esm_php7.0: DNE
trusty_php7.0: DNE
trusty/esm_php7.0: DNE
xenial_php7.0: released (7.0.33-0ubuntu0.16.04.9)
esm-infra/xenial_php7.0: released (7.0.33-0ubuntu0.16.04.9)
bionic_php7.0: DNE
disco_php7.0: DNE
eoan_php7.0: DNE
devel_php7.0: DNE

Patches_php7.2:
upstream_php7.2: released (7.2.26)
precise/esm_php7.2: DNE
trusty_php7.2: DNE
trusty/esm_php7.2: DNE
xenial_php7.2: DNE
bionic_php7.2: released (7.2.24-0ubuntu0.18.04.2)
disco_php7.2: released (7.2.24-0ubuntu0.19.04.2)
eoan_php7.2: DNE
devel_php7.2: DNE

Patches_php7.3:
 upstream: http://git.php.net/?p=php-src.git;a=commit;h=eb23c6008753b1cdc5359dead3a096dce46c9018
upstream_php7.3: released (7.3.13)
precise/esm_php7.3: DNE
trusty_php7.3: DNE
trusty/esm_php7.3: DNE
xenial_php7.3: DNE
bionic_php7.3: DNE
disco_php7.3: DNE
eoan_php7.3: released (7.3.11-0ubuntu0.19.10.2)
devel_php7.3: released (7.3.11-0ubuntu1)