Search for vulnerabilities
Vulnerability details: VCID-ad3z-52jk-aaas
Vulnerability ID VCID-ad3z-52jk-aaas
Aliases CVE-2019-11046
Summary In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
generic_textual Low http://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11046.html
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11046.json
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.09671 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.1044 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
epss 0.11501 https://api.first.org/data/v1/epss?cve=CVE-2019-11046
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1786567
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2019-11046
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-11046
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-11046
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-11046
generic_textual Low https://ubuntu.com/security/notices/USN-4239-1
generic_textual Low https://usn.ubuntu.com/usn/usn-4239-1
cvssv3.1 9.8 https://www.tenable.com/security/tns-2021-14
generic_textual CRITICAL https://www.tenable.com/security/tns-2021-14
Reference id Reference type URL
http://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11046.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11046.json
https://api.first.org/data/v1/epss?cve=CVE-2019-11046
https://bugs.php.net/bug.php?id=78878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/
https://seclists.org/bugtraq/2020/Feb/27
https://seclists.org/bugtraq/2020/Feb/31
https://seclists.org/bugtraq/2021/Jan/3
https://security.netapp.com/advisory/ntap-20200103-0002/
https://support.f5.com/csp/article/K48866433?utm_source=f5support&amp%3Butm_medium=RSS
https://support.f5.com/csp/article/K48866433?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/notices/USN-4239-1
https://usn.ubuntu.com/4239-1/
https://usn.ubuntu.com/usn/usn-4239-1
https://www.debian.org/security/2020/dsa-4626
https://www.debian.org/security/2020/dsa-4628
https://www.tenable.com/security/tns-2021-14
1786567 https://bugzilla.redhat.com/show_bug.cgi?id=1786567
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVE-2019-11046 https://nvd.nist.gov/vuln/detail/CVE-2019-11046
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11046.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11046
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11046
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11046
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11046
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.tenable.com/security/tns-2021-14
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.67229
EPSS Score 0.00267
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.