In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published: 2019-12-23T02:40:17.526779Z

Updated: 2024-09-16T17:52:45.661Z

Reserved: 2019-04-09T00:00:00

Link: CVE-2019-11046

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-12-23T03:15:11.710

Modified: 2024-11-21T04:20:26.563

Link: CVE-2019-11046

cve-icon Redhat

Severity : Low

Publid Date: 2019-12-16T00:00:00Z

Links: CVE-2019-11046 - Bugzilla