CVE-2019-11049: mail() may release string with refcount==1 twice
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to the mail() function, due to a mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
Sec Bug #78943
mail() may release string with refcount==1 twice
Submitted:
2019-12-10 17:12 UTC
Modified:
2019-12-16 19:08 UTC
From:
cmb@php.net
Assigned:
stas (profile)
Status:
Closed
Package:
*Mail Related
PHP Version:
7.3.13RC1
OS:
Windows
Private report:
No
CVE-ID:
2019-11049
Patches:
add-fronk-support (last revision 2022-07-18 03:19 UTC by 1033831147 at qq dot com)
History
[2019-12-10 17:12 UTC] cmb@php.net
-Type: Bug +Type: Security -Private report: No +Private report: Yes
[2019-12-10 17:37 UTC] cmb@php.net
-PHP Version: 7.2.26RC1 +PHP Version: 7.3.13RC1
[2019-12-10 17:38 UTC] cmb@php.net
-Operating System: * +Operating System: Windows
[2019-12-10 17:38 UTC] cmb@php.net
This affects Windows only.
[2019-12-10 17:45 UTC] cmb@php.net
-Assigned To: +Assigned To: stas
[2019-12-10 20:07 UTC] stas@php.net
Sure. Not clear how this got into the PCRE2 patch?
[2019-12-16 19:07 UTC] stas@php.net
-CVE-ID: +CVE-ID: 2019-11049
[2019-12-16 19:07 UTC] stas@php.net
Not sure it’s even exploitable, but since mail could deal with external data, I’ll add a CVE just in case.
[2019-12-16 19:08 UTC] stas@php.net
-Status: Assigned +Status: Closed
[2019-12-16 19:08 UTC] stas@php.net
The fix for this bug has been committed. If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test. Thank you for the report, and for helping us make PHP better.
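Added example, not code from this bug report or from php-src: a usage-side check that a practitioner can drop into an application that passes external data into mail(). It gates on the affected range the report states (PHP 7.3.x below 7.3.13, or exactly 7.4.0, on Windows) and builds the additional_headers string from an allow-list, rejecting CR/LF and non-printable bytes. The function names, the allow-list contents and the canonical header capitalisation are assumptions made for this example; canonicalising names avoids supplying them in lowercase, which the report names as the trigger, but it is a precaution only and upgrading is the fix.

```php
<?php
// Added example (hypothetical helper names), not part of the bug report or php-src.
declare(strict_types=1);

/**
 * True when the interpreter is in the range the report gives for CVE-2019-11049:
 * PHP 7.3.x below 7.3.13, or exactly 7.4.0, on Windows.
 * Parameters default to the running build but can be injected for testing.
 */
function mailDoubleFreeAffected(int $versionId = PHP_VERSION_ID, string $osFamily = PHP_OS_FAMILY): bool
{
    if ($osFamily !== 'Windows') {
        return false;
    }
    $in73  = $versionId >= 70300 && $versionId < 70313;
    $is740 = $versionId === 70400;
    return $in73 || $is740;
}

/**
 * Build the additional_headers string for mail() from an allow-list of header
 * names (assumed list for this example). Names are canonicalised to the
 * conventional capitalisation; values are rejected if they contain CR or LF
 * (header injection) or any byte outside printable ASCII.
 */
function buildMailHeaders(array $headers): string
{
    static $allowed = [
        'from'     => 'From',
        'reply-to' => 'Reply-To',
        'cc'       => 'Cc',
        'bcc'      => 'Bcc',
    ];

    $lines = [];
    foreach ($headers as $name => $value) {
        $key = strtolower(trim((string) $name));
        if (!isset($allowed[$key])) {
            throw new InvalidArgumentException("header not allowed: {$name}");
        }
        $value = (string) $value;
        // 0x0D and 0x0A fall outside 0x20-0x7E, so CRLF injection is rejected here too.
        if (preg_match('/[^\x20-\x7E]/', $value) === 1) {
            throw new InvalidArgumentException("invalid bytes in header {$allowed[$key]}");
        }
        $lines[] = $allowed[$key] . ': ' . $value;
    }
    return implode("\r\n", $lines);
}

/**
 * Refuse to pass custom headers on an affected build; otherwise send with
 * validated, canonicalised headers.
 */
function sendWithChecks(string $to, string $subject, string $body, array $headers): bool
{
    if ($headers !== [] && mailDoubleFreeAffected()) {
        throw new RuntimeException(
            'PHP build in the CVE-2019-11049 range; upgrade before passing custom headers to mail()'
        );
    }
    return mail($to, $subject, $body, buildMailHeaders($headers));
}

// Usage (constructed input):
// sendWithChecks('ops@example.invalid', 'Report', 'body', ['from' => 'noreply@example.invalid']);
```

The version gate is deliberately separate from the header builder so it can be unit-tested with injected version and OS values; the builder's rejection of CR/LF is a general header-injection control that applies on every PHP version, not just the range named here.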