CVE-2019-11043
Underflow in PHP-FPM can lead to RCE
In short
A memory overflow flaw in PHP-FPM allows attackers to write beyond allocated memory limits, potentially enabling them to execute arbitrary code remotely on affected servers running vulnerable PHP versions.
Technical detail
An underflow vulnerability in PHP-FPM (CWE-120) permits writes past allocated buffer boundaries into the space reserved for FCGI protocol data under specific FPM configurations. The attack vector is network-based through FCGI requests. Affected versions are PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, and 7.3.x < 7.3.11; the impact is remote code execution.
Summary generated and translated by AI from the official description.
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Affected products
PHP · PHP
Public PoCs found: 30
github: github.com/neex/phuip-fpizdam (★ 1835)
github: github.com/theMiddleBlue/CVE-2019-11043 (★ 146)
github: github.com/jas502n/CVE-2019-11043 (★ 105)
github: github.com/akamajoris/CVE-2019-11043-Docker (★ 27)
github: github.com/k8gege/CVE-2019-11043 (★ 16)
github: github.com/kriskhub/CVE-2019-11043 (★ 14)
github: github.com/0th3rs-Security-Team/CVE-2019-11043 (★ 14)
github: github.com/ypereirareis/docker-CVE-2019-11043 (★ 8)
github: github.com/huowen/CVE-2019-11043 (★ 5)
github: github.com/AleWong/PHP-FPM-Remote-Code-Execution-Vulnerability-CVE-2019-11043- (★ 4)
github: github.com/lindemer/CVE-2019-11043 (★ 4)
github: github.com/CodeHex083/phuip-fpizdam (★ 3)
github: github.com/MRdoulestar/CVE-2019-11043 (★ 3)
github: github.com/jptr218/php_hack (★ 2)
github: github.com/fairyming/CVE-2019-11043 (★ 1)
github: github.com/moniik/CVE-2019-11043_env (★ 1)
github: github.com/shadow-horse/cve-2019-11043 (★ 1)
github: github.com/jas9reet/CVE-2019-11043 (★ 0)
github: github.com/B1gd0g/CVE-2019-11043 (★ 0)
github: github.com/tinker-li/CVE-2019-11043 (★ 0)
github: github.com/ianxtianxt/CVE-2019-11043 (★ 0)
github: github.com/alokaranasinghe/cve-2019-11043 (★ 0)
github: github.com/corifeo/CVE-2019-11043 (★ 0)
github: github.com/bayazid-bit/CVE-2019-11043 (★ 0)
github: github.com/a1ex-var1amov/ctf-cve-2019-11043 (★ 0)
github: github.com/AndrewMas99/CVE-2019-11043-Vulnerability (★ 0)
github: github.com/gon905332-jpg/cve-2019-11043.py (★ 0)
exploitdb: www.exploit-db.com/exploits/47553 (unverified)
cve_reference: packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html (unverified)
exploitdb: www.exploit-db.com/exploits/48182 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
https://access.redhat.com/errata/RHSA-2019:3286
https://access.redhat.com/errata/RHSA-2019:3287
https://access.redhat.com/errata/RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3724
https://access.redhat.com/errata/RHSA-2019:3735
https://access.redhat.com/errata/RHSA-2019:3736
https://access.redhat.com/errata/RHSA-2020:0322
https://bugs.php.net/bug.php?id=78599