CVE-2019-11039
Published: 3 June 2019
The function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform an out-of-buffer read due to an integer overflow when parsing MIME headers. This may lead to information disclosure or a crash.
Priority
Status
Package | Release | Status |
---|---|---|
php5 (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
php5 | xenial | Does not exist |
php5 | bionic | Does not exist |
php5 | cosmic | Does not exist |
php5 | disco | Does not exist |
php5 | Patches | upstream: https://github.com/microsoft/php-src/commit/aabd02d6dd1eab180486cff933dc8d08d4297e38 |
php7.0 (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
php7.0 | xenial | Released (7.0.33-0ubuntu0.16.04.5) |
php7.0 | bionic | Does not exist |
php7.0 | cosmic | Does not exist |
php7.0 | disco | Does not exist |
php7.2 (Launchpad, Ubuntu, Debian) | upstream | Released (7.2.19) |
php7.2 | xenial | Does not exist |
php7.2 | bionic | Released (7.2.19-0ubuntu0.18.04.1) |
php7.2 | cosmic | Released (7.2.19-0ubuntu0.18.10.1) |
php7.2 | disco | Released (7.2.19-0ubuntu0.19.04.1) |
php7.2 | Patches | upstream: http://git.php.net/?p=php-src.git;a=commit;h=7cf7148a8f8f4f55fb04de2a517d740bb6253eac |
php7.3 (Launchpad, Ubuntu, Debian) | upstream | Released (7.3.6) |
php7.3 | xenial | Does not exist |
php7.3 | bionic | Does not exist |
php7.3 | cosmic | Does not exist |
php7.3 | disco | Does not exist |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |