Bug 1837842 (CVE-2019-11048)
| Summary: | CVE-2019-11048 php: Integer wraparounds when receiving multipart forms | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aogburn, fedora, hhorak, jorton, kyoshida, nbhumkar, rcollet, security-response-team, webstack-team, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | php 7.3.18, php 7.2.31, php 7.4.6 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-09-08 13:19:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1837843, 1837913, 1837915, 1837916, 1837918, 1837919, 1837920, 1837921, 1837922, 1837923, 1837924, 1837925, 1838693 | ||
| Bug Blocks: | 1837849 | ||
|
Description
Marian Rehak
2020-05-20 06:35:17 UTC
Created php tracking bugs for this issue: Affects: fedora-all [bug 1837843] Upstream fixes : * Fix #78876: Long variables cause OOM and temp files are not cleaned https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266 * Fix #78875: Long filenames cause OOM and temp files are not cleaned https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87 For php-7.4 : https://github.com/php/php-src/commit/a3924ab6542a358a3099de992b63b932a9570add For php-7.3 : https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266 For php-7.2 : https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266 https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87 Note that this issue requires a pathological configuration to trigger; post_max_size must be set to 2GB or higher. Such a configuration allows an effective Denial of Service attack against any server and should never be used in production. Statement: The severity of this issue is considered Moderate because it requires an unlikely large `post_max_size` to be configured. Mitigation: Ensure that `post_max_size` is set to a value less than 2GB, or remains default. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3662 https://access.redhat.com/errata/RHSA-2020:3662 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11048 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:5275 https://access.redhat.com/errata/RHSA-2020:5275 |