CVE-2019-11046
Buffer underflow in bc_shift_addsub
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
We have discovered 571,903 live websites that are affected by CVE-2019-11046.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 571,903 live websites (4.73% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2019-11046 and the relative popularity of websitesDetails
- Published - Dec 17, 2019
- Updated - Jul 23, 2021
Credits
- Submitted by thomas-josef dot riedmaier at siemens dot com
CWE
CVE References
CWE References
Countries
 United States | 109,222 websites |
 France | 242,217 websites |
 Russia | 64,041 websites |
 China | 18,980 websites |
 Germany | 11,556 websites |
 Belgium | 11,366 websites |
 Italy | 11,080 websites |
 Poland | 10,873 websites |
 Spain | 8,792 websites |
 Netherlands | 8,534 websites |
TLDs
| .com | 233,344 websites |
| .fr | 108,531 websites |
| .ru | 62,203 websites |
| .org | 22,565 websites |
| .net | 14,819 websites |
| .be | 12,774 websites |
| .pl | 8,622 websites |
| .it | 8,354 websites |
| .de | 7,057 websites |
| .nl | 6,242 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2019-11046 through included software libraries and plugins.References
- https://bugs.php.net/bug.php?id=78878
- https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html
- https://security.netapp.com/advisory/ntap-20200103-0002/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/
- https://support.f5.com/csp/article/K48866433?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/4239-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html
- https://seclists.org/bugtraq/2020/Feb/27
- https://www.debian.org/security/2020/dsa-4626
- https://www.debian.org/security/2020/dsa-4628
- https://seclists.org/bugtraq/2020/Feb/31
- https://seclists.org/bugtraq/2021/Jan/3
- https://www.tenable.com/security/tns-2021-14
Websites affected by CVE-2019-11046
Top websites that are affected by CVE-2019-11046. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.cz |  Czech Republic | *,*** | |
| *.cn | China | *,*** | |
| ***.*.cn | China | *,*** | |
| *****.***.cn | China | *,*** | |
| ***.*****.***.cn | China | *,*** | |
| *****.cn | China | *,*** | |
| ***.*****.cn | China | *,*** | |
| ***.*********.com | China | *,*** | |
| *.***.cn | China | *,*** | |
| ***.*.***.cn | China | *,*** |