CVE-2019-11049
- Source
- https://cve.org/CVERecord?id=CVE-2019-11049
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11049.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11049
- Downstream
- Related
- Published
- 2019-12-23T03:15:11.897Z
- Modified
- 2026-03-15T22:29:23.212377Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/
- https://www.tenable.com/security/tns-2021-14
- https://seclists.org/bugtraq/2020/Feb/27
- https://security.netapp.com/advisory/ntap-20200103-0002/
- https://www.debian.org/security/2020/dsa-4626
- https://bugs.php.net/bug.php?id=78943
Affected packages
Git / github.com/php/php-src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "7.3.0" }, { "last_affected": "7.3.13" }, { "introduced": "0" }, { "last_affected": "7.4.0" } ] }
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.19.0"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11049.json"