CVE-2019-11048

Priority
Description
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below
7.4.6, when HTTP file uploads are allowed, supplying overly long filenames
or field names could lead the PHP engine to try to allocate oversized memory
storage, hit the memory limit and stop processing the request without
cleaning up the temporary files created by the upload request. This could
potentially lead to an accumulation of uncleaned temporary files that
exhausts the disk space on the target server.
Assigned-to
leosilva
Notes
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (5.3.10-1ubuntu3.47)
Ubuntu 14.04 ESM (Trusty Tahr): released (5.5.9+dfsg-1ubuntu4.29+esm12)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
Patches:
Upstream: https://github.com/microsoft/php-src/commit/a41cbed4532cc4d3d2fd1a8fa1a4ace5bdfcafc9#diff-eb2caada78cc7ed9dbeabe07d25eecf4
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (7.0.33-0ubuntu0.16.04.15)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
Package
Upstream: released (7.2.31)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): released (7.2.24-0ubuntu0.18.04.6)
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
Patches:
Upstream: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
Package
Upstream: released (7.3.18)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): released (7.3.11-0ubuntu0.19.10.6)
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
Patches:
Upstream: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
Upstream: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
Package
Upstream: released (7.4.6)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 LTS (Focal Fossa): released (7.4.3-4ubuntu2.2)
Ubuntu 20.10 (Groovy Gorilla): released (7.4.3-4ubuntu4)
Patches:
Upstream: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
Upstream: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
Upstream: https://github.com/php/php-src/commit/a3924ab6542a358a3099de992b63b932a9570add
More Information

Updated: 2020-06-12 12:16:19 UTC (commit 79c1e8c45567cbe10eba1529d599a44093ac31ef)