Debian update for php7.3
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11049 CVE-2019-11050 CVE-2020-7059 CVE-2020-7060 |
| CWE-ID | CWE-20 CWE-125 CWE-415 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Debian Linux Operating systems & Components / Operating system php7.3 (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU33363
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded � byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
MitigationUpdate php7.3 package to version 7.3.14-1~deb10u1.
Vulnerable software versionsDebian Linux: All versions
php7.3 (Debian package): before 7.3.14-1~deb10u1
External linkshttp://www.debian.org/security/2020/dsa-4626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU34944
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11046
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
MitigationUpdate php7.3 package to version 7.3.14-1~deb10u1.
Vulnerable software versionsDebian Linux: All versions
php7.3 (Debian package): before 7.3.14-1~deb10u1
External linkshttp://www.debian.org/security/2020/dsa-4626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU33364
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11047
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
MitigationUpdate php7.3 package to version 7.3.14-1~deb10u1.
Vulnerable software versionsDebian Linux: All versions
php7.3 (Debian package): before 7.3.14-1~deb10u1
External linkshttp://www.debian.org/security/2020/dsa-4626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Double Free
EUVDB-ID: #VU55265
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11049
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within mail() function implementation. A remote attacker can pass specially crafted header in lowercase, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate php7.3 package to version 7.3.14-1~deb10u1.
Vulnerable software versionsDebian Linux: All versions
php7.3 (Debian package): before 7.3.14-1~deb10u1
External linkshttp://www.debian.org/security/2020/dsa-4626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU33365
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11050
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
MitigationUpdate php7.3 package to version 7.3.14-1~deb10u1.
Vulnerable software versionsDebian Linux: All versions
php7.3 (Debian package): before 7.3.14-1~deb10u1
External linkshttp://www.debian.org/security/2020/dsa-4626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU25109
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7059
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when using the "fgetss()" function to read data with stripping tags. A remote attacker can supply data that will cause this function to read past the allocated buffer, trigger out-of-bounds read error and read contents of memory on the system or crash the application.
MitigationUpdate php7.3 package to version 7.3.14-1~deb10u1.
Vulnerable software versionsDebian Linux: All versions
php7.3 (Debian package): before 7.3.14-1~deb10u1
External linkshttp://www.debian.org/security/2020/dsa-4626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU25110
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7060
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when using certain "mbstring" functions to convert multibyte encodings. A remote attacker can supply data that will cause function "mbfl_filt_conv_big5_wchar" to read past the allocated buffer, trigger out-of-bounds read error and read contents of memory on the system or crash the application.
MitigationUpdate php7.3 package to version 7.3.14-1~deb10u1.
Vulnerable software versionsDebian Linux: All versions
php7.3 (Debian package): before 7.3.14-1~deb10u1
External linkshttp://www.debian.org/security/2020/dsa-4626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
