CVE Vulnerability

CVE-2019-11039

Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

Scope

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugs.php.net/bug.php?id=78069 Exploit Patch
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2519 Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/35 Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4527 Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/38 Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4529 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3299 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Information

Published : 2019-06-19 12:15

Updated : 2020-10-16 12:57

NVD link : CVE-2019-11039

Mitre link : CVE-2019-11039

Products Affected
No products.
CWE
CWE-125

Out-of-bounds Read

CWE-190