VYPR
Unrated severityCISA KEVNVD Advisory· Published Oct 28, 2019· Updated Oct 21, 2025

Underflow in PHP-FPM can lead to RCE

CVE-2019-11043

Description

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

38

Patches

Vulnerability mechanics

References

26

News mentions

0

No linked articles in our index yet.