VYPR
Unrated severityNVD Advisory· Published May 20, 2020· Updated Sep 16, 2024

Temporary files are not cleaned after OOM when parsing HTTP request data

CVE-2019-11048

Description

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

62

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.