cbcvebase.
CVE-2019-11039
published 2019-06-19

Priority: P343, critical, 9.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:H
EPSS: 3.13% (86.2th percentile)

Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

Affected

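12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| opensuse | leap | | |
| opensuse | leap | | |
| php | php | >= 7.1.0 < 7.1.30 | 7.1.30 |
| php | php | >= 7.2.0 < 7.2.19 | 7.2.19 |
| php | php | >= 7.3.0 < 7.3.6 | 7.3.6 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.29+esm3 | 5.5.9+dfsg-1ubuntu4.29+esm3 |
| php_group | php | | |
| php_group | php | | |
| php_group | php | | |
| redhat | software_collections | | |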

CVSS provenance

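| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v3.0 | 4.2 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| osv | | 9.1 | CRITICAL | |
| vendor_redhat | | 9.1 | CRITICAL | |
| vendor_ubuntu | | 9.1 | CRITICAL | |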