This bug (CVE-2019-11043) only applies to configurations where the following code is present in the location directive:
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
There is also a go test application to see if your server is vulnerable:
https://github.com/neex/phuip-fpizdam
In front of the fastcgi_split_path_info command, insert the following directive:
try_files $uri =404;
This circumvents the buffer underflow bug in PHP-FPM.
Another option is to install the fixed packages of your favorite distribution.