PublicDateAtUSN: 2020-05-20 08:15:00 UTC
Candidate: CVE-2019-11048
PublicDate: 2020-05-20 08:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048
 https://ubuntu.com/security/notices/USN-4375-1
Description:
 In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below
 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames
 or field names could lead the PHP engine to try to allocate oversized
 memory storage, hit the memory limit and stop processing the request,
 without cleaning up temporary files created by the upload request. This
 potentially could lead to accumulation of uncleaned temporary files
 exhausting the disk space on the target server.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.php.net/bug.php?id=78875
 https://bugs.php.net/bug.php?id=78876
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L [5.3 MEDIUM]

Patches_php5:
 upstream: https://github.com/microsoft/php-src/commit/a41cbed4532cc4d3d2fd1a8fa1a4ace5bdfcafc9#diff-eb2caada78cc7ed9dbeabe07d25eecf4
upstream_php5: needs-triage
precise/esm_php5: released (5.3.10-1ubuntu3.47)
trusty_php5: ignored (out of standard support)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.29+esm12)
xenial_php5: DNE
bionic_php5: DNE
eoan_php5: DNE
focal_php5: DNE
devel_php5: DNE

Patches_php7.0:
upstream_php7.0: needs-triage
precise/esm_php7.0: DNE
trusty_php7.0: DNE
trusty/esm_php7.0: DNE
xenial_php7.0: released (7.0.33-0ubuntu0.16.04.15)
esm-infra/xenial_php7.0: released (7.0.33-0ubuntu0.16.04.15)
bionic_php7.0: DNE
eoan_php7.0: DNE
focal_php7.0: DNE
devel_php7.0: DNE

Patches_php7.2:
 upstream: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
upstream_php7.2: released (7.2.31)
precise/esm_php7.2: DNE
trusty_php7.2: DNE
trusty/esm_php7.2: DNE
xenial_php7.2: DNE
bionic_php7.2: released (7.2.24-0ubuntu0.18.04.6)
eoan_php7.2: DNE
focal_php7.2: DNE
devel_php7.2: DNE

Patches_php7.3:
 upstream: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
 upstream: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
upstream_php7.3: released (7.3.18)
precise/esm_php7.3: DNE
trusty_php7.3: DNE
trusty/esm_php7.3: DNE
xenial_php7.3: DNE
bionic_php7.3: DNE
eoan_php7.3: released (7.3.11-0ubuntu0.19.10.6)
focal_php7.3: DNE
devel_php7.3: DNE

Patches_php7.4:
 upstream: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
 upstream: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
 upstream: https://github.com/php/php-src/commit/a3924ab6542a358a3099de992b63b932a9570add
upstream_php7.4: released (7.4.6)
precise/esm_php7.4: DNE
trusty_php7.4: DNE
trusty/esm_php7.4: DNE
xenial_php7.4: DNE
bionic_php7.4: DNE
eoan_php7.4: DNE
focal_php7.4: released (7.4.3-4ubuntu2.2)
devel_php7.4: released (7.4.3-4ubuntu4)