In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published: 2019-12-23T02:40:17.130519Z

Updated: 2024-09-16T17:32:41.178Z

Reserved: 2019-04-09T00:00:00

Link: CVE-2019-11045

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-12-23T03:15:11.630

Modified: 2023-11-07T03:02:38.190

Link: CVE-2019-11045

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-12-22T00:00:00Z

Links: CVE-2019-11045 - Bugzilla