|Description||In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DLA-2160-1, DSA-4717-1, DSA-4719-1|
Vulnerable and fixed packages
The table below lists information on source packages.
|php7.3 (PTS)||buster, buster (security)||7.3.19-1~deb10u1||fixed|
|php7.4 (PTS)||bullseye, sid||7.4.11-1||fixed|
The information below is based on the following data on fixed versions.
Fixed in PHP 7.4.3, 7.3.15, 7.2.28
PHP Bug: https://bugs.php.net/79221