There are 2 integer wraparound flaws in php-src/main/rfc1867.c that allow a malicious user to crash PHP during a multipart/form-data file upload. A large multipart/form-data variable, or filename, may cause an integer overflow that leads to a subsequent crash. Temporary files are not cleaned up, and could ultimately fill up the file system containing PHP temporary data.
Upstream Issues:
https://bugs.php.net/bug.php?id=78876
https://bugs.php.net/bug.php?id=78875
Created php tracking bugs for this issue: Affects: fedora-all [bug 1837843]
Upstream fixes:
* Fix #78876: Long variables cause OOM and temp files are not cleaned
  https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
* Fix #78875: Long filenames cause OOM and temp files are not cleaned
  https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
For php-7.4: https://github.com/php/php-src/commit/a3924ab6542a358a3099de992b63b932a9570add
For php-7.3: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
For php-7.2: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266 https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
Note that this issue requires a pathological configuration to trigger; post_max_size must be set to 2GB or higher. Such a configuration allows an effective Denial of Service attack against any server and should never be used in production.
Statement: The severity of this issue is considered Moderate because it requires an unlikely large `post_max_size` to be configured.
Mitigation: Ensure that `post_max_size` is set to a value less than 2GB, or remains default.
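As an added illustration of the mitigation above (example code, not part of the advisory or of PHP itself): a small checker that reads `post_max_size` from php.ini text using PHP's shorthand byte notation (K/M/G suffixes) and flags any value at or above the 2GB threshold named in the advisory. The php.ini lines fed to it are constructed samples; the treatment of `0` as "no limit" is this example's assumption.

```python
from __future__ import annotations
import re

# Threshold from the advisory: post_max_size of 2GB or higher is the
# pathological configuration that makes the rfc1867.c wraparound reachable.
TWO_GIB = 2 * 1024 ** 3

_MULTIPLIERS = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_php_size(value: str) -> int:
    """Convert a PHP shorthand byte value ('8M', '2G', '1048576') to bytes.

    PHP reads a leading integer and an optional, case-insensitive K/M/G
    suffix; anything after that is ignored, which this mirrors.
    """
    s = value.strip().strip('"').strip("'")
    m = re.match(r"^\s*([+-]?\d+)\s*([kKmMgG])?", s)
    if not m:
        raise ValueError(f"unparseable size: {value!r}")
    n = int(m.group(1))
    suffix = m.group(2)
    return n * _MULTIPLIERS[suffix.lower()] if suffix else n


def post_max_size_ok(ini_text: str, default: str = "8M") -> tuple[bool, int]:
    """Return (is_safe, effective_bytes) for the last post_max_size directive.

    Text after ';' is an INI comment. A missing directive falls back to the
    PHP default of 8M. A value of 0 is assumed here to mean "no limit" and
    is therefore reported as unsafe.
    """
    effective = default
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == "post_max_size":
            effective = val.strip()
    size = parse_php_size(effective)
    if size <= 0:
        return False, size
    return size < TWO_GIB, size


if __name__ == "__main__":
    # Constructed sample: the risky setting the advisory warns about.
    risky_ini = "upload_max_filesize = 2G\npost_max_size = 2G  ; big uploads\n"
    ok, size = post_max_size_ok(risky_ini)
    print(f"post_max_size={size} bytes -> {'OK' if ok else 'UNSAFE (>= 2GB)'}")
```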
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3662 https://access.redhat.com/errata/RHSA-2020:3662
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11048
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2020:5275 https://access.redhat.com/errata/RHSA-2020:5275