First published: Tue Dec 17 2019(Updated: )
Fixed bug (mail() may release string with refcount==1 twice). (CVE-2019-11049)
Credit: security@php.net
Affected Software | Affected Version | How to fix |
---|---|---|
<7.3.13 | 7.3.13 | |
PHP PHP | >=7.3.0<=7.3.13 | |
PHP PHP | =7.4.0 | |
Microsoft Windows | ||
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Debian Debian Linux | =10.0 | |
Tenable SecurityCenter | <5.19.0 | |
debian/php7.3 | 7.3.31-1~deb10u1 7.3.31-1~deb10u5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for Fixed bug (mail() may release string with refcount==1 twice) is CVE-2019-11049.
The severity of CVE-2019-11049 is critical with a severity value of 9.8.
The affected software for CVE-2019-11049 is PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows.
To fix CVE-2019-11049, you need to upgrade PHP to version 7.3.13 or higher.
More information about CVE-2019-11049 can be found at the following references: [Link 1](https://www.php.net/ChangeLog-7.php#7.3.13), [Link 2](https://bugs.php.net/bug.php?id=78943), [Link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/).