ALT-PU-2019-3306-1

Package update php7-openssl in branch p8

Version7.2.25-alt1.1

Published2019-12-16

Max severityCRITICAL

Severity:

Closed issues (2)

HIGH8.7

Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды

Published: 2020-01-08Modified: 2025-02-18

CVSS 3.xHIGH 8.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:N

References

CVE-2019-11043

CRITICAL9.8

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Published: 2019-10-28Modified: 2025-11-03

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References