In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, the PHP link() function accepts filenames with an embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
References
Link | Resource |
---|---|
https://bugs.php.net/bug.php?id=78862 | Exploit Mailing List Patch Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/ | |
https://security.netapp.com/advisory/ntap-20200103-0002/ | Third Party Advisory |
https://www.tenable.com/security/tns-2021-14 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: php
Published: 2019-12-17T00:00:00
Updated: 2021-07-22T17:06:21
Reserved: 2019-04-09T00:00:00
Link: CVE-2019-11044
NVD Information
Status: Modified
Published: 2019-12-23T03:15:10.913
Modified: 2023-11-07T03:02:38.067
Link: CVE-2019-11044
Redhat Information
No data.
CWE