CVE-2019-11049
mail() may release string with refcount==1 twiceIn PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
We have discovered 378,377 live websites that are affected by CVE-2019-11049.
Contact us to get more info
Affected Software
| |
---|
Product | PHP |
Category | Programming Languages |
Vulnerable Versions | - from 7.3 before 7.3.13
- from 7.4 before 7.4.1
|
Total Vulnerable Versions | 507 |
Vulnerable Domains | 378,377 live websites (3.13% of PHP install base) |
Common Weakness Enumeration
CWE-415 Double Free
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2019-11049 and the relative popularity of websites