CVE-2019-11039 - OpenCVE

Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Php	Php
Redhat	Software Collections
Opensuse	Leap

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 2 [-]

cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2519	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3299	Third Party Advisory
https://bugs.php.net/bug.php?id=78069	Exploit Patch Vendor Advisory
https://seclists.org/bugtraq/2019/Sep/35	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/38	Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4527	Third Party Advisory
https://www.debian.org/security/2019/dsa-4529	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: php

Published: 2019-05-28T00:00:00

Updated: 2019-11-01T15:06:18

Reserved: 2019-04-09T00:00:00

Link: CVE-2019-11039

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-06-19T00:15:12.423

Modified: 2020-10-16T12:57:39.370

Link: CVE-2019-11039

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "PHP", "vendor": "PHP Group", "versions": [{"status": "affected", "version": "7.1.30"}, {"status": "affected", "version": "7.2.19"}, {"status": "affected", "version": "7.3.6"}]}], "credits": [{"lang": "en", "value": "By maris dot adam at gmail dot com"}], "datePublic": "2019-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-01T15:06:18", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=78069"}, {"name": "openSUSE-SU-2019:1778", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"}, {"name": "RHSA-2019:2519", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/35"}, {"name": "DSA-4527", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4527"}, {"name": "DSA-4529", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4529"}, {"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"name": "RHSA-2019:3299", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}], "source": {"defect": ["https://bugs.php.net/bug.php?id=78069"], "discovery": "EXTERNAL"}, "title": "Out-of-bounds read in iconv.c", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "security@php.net", "DATE_PUBLIC": "2019-05-28T06:49:00.000Z", "ID": "CVE-2019-11039", "STATE": "PUBLIC", "TITLE": "Out-of-bounds read in iconv.c"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHP", "version": {"version_data": [{"version_value": "7.1.30"}, {"version_value": "7.2.19"}, {"version_value": "7.3.6"}]}}]}, "vendor_name": "PHP Group"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "By maris dot adam at gmail dot com"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125 Out-of-bounds Read"}]}]}, "references": {"reference_data": [{"name": "https://bugs.php.net/bug.php?id=78069", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=78069"}, {"name": "openSUSE-SU-2019:1778", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"}, {"name": "RHSA-2019:2519", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/35"}, {"name": "DSA-4527", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4527"}, {"name": "DSA-4529", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4529"}, {"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"name": "RHSA-2019:3299", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3299"}]}, "solution": [], "source": {"advisory": "", "defect": ["https://bugs.php.net/bug.php?id=78069"], "discovery": "EXTERNAL"}, "work_around": []}}}, "cveMetadata": {"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2019-11039", "datePublished": "2019-05-28T00:00:00", "dateReserved": "2019-04-09T00:00:00", "dateUpdated": "2019-11-01T15:06:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "56CFABDE-1BA0-42D1-B38E-A08F27B2BF16", "versionEndExcluding": "7.1.30", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "2537B4A2-025F-4641-AFCF-82E492378C12", "versionEndExcluding": "7.2.19", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91B8478-BF61-468E-A7CC-5F418DDF2EB6", "versionEndExcluding": "7.3.6", "versionStartIncluding": "7.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash."}, {"lang": "es", "value": "La funci\u00f3n iconv_mime_decode_headers () en las versiones de PHP 7.1.x por debajo de 7.1.30, 7.2.x por debajo de 7.2.19 y 7.3.x por debajo de 7.3.6 puede realizar una lectura fuera del b\u00fafer debido al desbordamiento de enteros al analizar los encabezados MIME. Esto puede llevar a la divulgaci\u00f3n de informaci\u00f3n o colisi\u00f3n."}], "id": "CVE-2019-11039", "lastModified": "2020-10-16T12:57:39.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security@php.net", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-19T00:15:12.423", "references": [{"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"source": "security@php.net", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=78069"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/35"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4527"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4529"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "security@php.net", "type": "Secondary"}]}