CVE-2019-11043

8.7 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on PHP servers running vulnerable versions with specific FPM configurations. It affects PHP installations where the FPM module is enabled and configured in certain ways, potentially allowing attackers to write past allocated buffers and gain code execution.

💻 Affected Systems

Products:
  • PHP
Versions: PHP 7.1.x below 7.1.33, 7.2.x below 7.2.24, 7.3.x below 7.3.11
Operating Systems: All operating systems running affected PHP versions
Default Config Vulnerable: ✅ No
Notes: Requires specific FPM (FastCGI Process Manager) configurations; not all PHP installations are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Remote code execution allowing attackers to deploy malware, create backdoors, or exfiltrate sensitive data from web applications.

🟢

If Mitigated

Limited impact with proper network segmentation, WAF rules, and minimal exposed attack surface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available and has been weaponized in real attacks. Exploitation requires specific URL patterns and FPM configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: PHP 7.1.33, 7.2.24, 7.3.11 or later

Vendor Advisory: https://access.redhat.com/errata/RHSA-2019:3286

Restart Required: Yes

Instructions:

1. Update PHP to the patched version using your package manager (apt-get upgrade php, yum update php, etc.)
2. Restart the PHP-FPM service (systemctl restart php-fpm)
3. Restart the web server (apache2/nginx) if applicable

🔧 Temporary Workarounds

Disable vulnerable FPM configurations

linux

Modify PHP-FPM configuration to remove vulnerable settings that enable the buffer overflow

Edit php-fpm.conf and ensure 'pm' settings are properly configured
Remove or secure any custom FPM configurations that trigger the vulnerability

Web Application Firewall rules

all

Block malicious requests that exploit the buffer overflow

Add WAF rule to block requests with patterns like /index.php?a=... that trigger the vulnerability

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable PHP servers from critical systems
  • Deploy web application firewall with specific rules to block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the PHP version with 'php -v' and verify whether the running version is affected. Check the FPM configuration files for vulnerable settings.

Check Version:

php -v | head -1

Verify Fix Applied:

After patching, run 'php -v' to confirm version is 7.1.33+, 7.2.24+, or 7.3.11+. Test with known exploit patterns to ensure they no longer work.
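
The check below is an added example, not part of this advisory: it parses the banner printed by `php -v` or `php-fpm -v` and compares it against the fixed versions listed under Patch Version. The sample banner is constructed, and the `FIXED_VERSIONS` table is assumed from the Patch Version field above.

```python
"""Compare a `php -v` / `php-fpm -v` banner against the CVE-2019-11043 fix levels."""
import re
import subprocess
from typing import Optional, Tuple

# First release of each affected branch that contains the fix (taken from the
# advisory's Patch Version field). Branches not listed here are treated as not
# affected by this check.
FIXED_VERSIONS = {
    (7, 1): (7, 1, 33),
    (7, 2): (7, 2, 24),
    (7, 3): (7, 3, 11),
}

# The first line of `php -v` and `php-fpm -v` both start with "PHP X.Y.Z ...".
_BANNER = re.compile(r"^PHP (\d+)\.(\d+)\.(\d+)")

# Constructed sample banner (not real output from any specific host).
SAMPLE_BANNER = """PHP 7.3.10 (fpm-fcgi) (built: Oct  1 2019 12:00:00)
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.10, Copyright (c) 1998-2018 Zend Technologies"""


def parse_php_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from the first line of the banner, or None."""
    text = banner.strip()
    first_line = text.splitlines()[0] if text else ""
    m = _BANNER.match(first_line)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable_version(banner: str) -> Optional[bool]:
    """True if the version is in an affected branch and below that branch's fix.

    False for a fixed or unlisted branch; None if the banner cannot be parsed.
    A version below the fix level means the binary is unpatched, not that the
    host is exploitable: the bug also needs the FPM configuration the advisory
    describes, which it states is not the default.
    """
    version = parse_php_version(banner)
    if version is None:
        return None
    fixed = FIXED_VERSIONS.get(version[:2])
    return version < fixed if fixed else False


if __name__ == "__main__":
    for binary in ("php-fpm", "php"):  # the FPM binary is the one that matters
        try:
            out = subprocess.run([binary, "-v"], capture_output=True, text=True).stdout
        except FileNotFoundError:
            continue
        print(f"{binary}: version={parse_php_version(out)} "
              f"unpatched={is_vulnerable_version(out)}")
```

Distribution packages often backport the fix without changing the upstream version number (the Red Hat advisory linked above is one such case), so a version below the fix level should be confirmed against the vendor's package changelog before treating the host as unpatched.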

📡 Detection & Monitoring

Log Indicators:

  • Unusual PHP-FPM process crashes
  • Requests with specific patterns like /index.php?a= followed by buffer overflow attempts
  • Error logs showing memory corruption in PHP-FPM

Network Indicators:

  • HTTP requests with crafted query strings targeting PHP files
  • Unusual traffic patterns to PHP-FPM ports (usually 9000)

SIEM Query:

source="php-fpm.log" AND ("segmentation fault" OR "buffer overflow" OR pattern matching exploit strings)
