Bug 1159855 (CVE-2019-11049)

Summary: VUL-1: CVE-2019-11049: php72,php7: when supplying custom headers to mail() function
Product: [Novell Products] SUSE Security Incidents Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: IncidentsAssignee: Petr Gajdos <pgajdos>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None    
Version: unspecified   
Target Milestone: unspecified   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/249633/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexandros Toptsoglou 2019-12-27 14:15:45 UTC
CVE-2019-11049

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom
headers to mail() function, due to mistake introduced in commit
78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in
lowercase, this can result in double-freeing certain memory locations.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11049
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11049.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11049
https://bugs.php.net/bug.php?id=78943
Comment 1 Alexandros Toptsoglou 2019-12-27 14:17:27 UTC
This does not affect versions older than 7.3. Additionally this bug affects only Windows. Closing