Endpoint Vulnerability

CVE-2019-11043 php: underflow in env_path_info in fpm_main.c

Description

php-fpm was discovered to have an out-of-bounds write vulnerability that could be triggered under certain configurations when running behind nginx. If a request could manipulate the PATH_INFO value in specific ways, this could lead to memory corruption and potentially arbitrary code execution.

Affected Products

php

References

CVE-2019-11043