{ "threat_severity" : "Moderate", "public_date" : "2020-05-14T00:00:00Z", "bugzilla" : { "description" : "php: Integer wraparounds when receiving multipart forms", "id" : "1837842", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1837842" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-190", "details" : [ "In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.", "A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service." ], "statement" : "The severity of this issue is considered Moderate because it requires an unlikely large `post_max_size` to be configured.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-09-08T00:00:00Z", "advisory" : "RHSA-2020:3662", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "php:7.3-8020020200715124551.ceb1cf90" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2020-12-01T00:00:00Z", "advisory" : "RHSA-2020:5275", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php73-php-0:7.3.20-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2020-12-01T00:00:00Z", "advisory" : "RHSA-2020:5275", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php73-php-0:7.3.20-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date" : "2020-12-01T00:00:00Z", "advisory" : "RHSA-2020:5275", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php73-php-0:7.3.20-1.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "php53", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "php:7.2/php", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-php72-php", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-11048\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11048" ], "name" : "CVE-2019-11048", "mitigation" : { "value" : "Ensure that `post_max_size` is set to a value less than 2GB, or remains default.", "lang" : "en:us" }, "csaw" : false }