VYPR
Unrated severityNVD Advisory· Published Dec 23, 2019· Updated Sep 16, 2024

Buffer underflow in bc_shift_addsub

CVE-2019-11046

Description

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

30

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.