Multiple vulnerabilities in PHP
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Heap use-after-free error
EUVDB-ID: #VU8137
Risk: Medium
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-12932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper use of the hash API for key deletion in a situation with an invalid array size. A remote attacker can use untrusted data to trigger heap use-after-free error in ext/standard/var_unserializer.re and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The vulnerability is addressed in the following versions: 7.0.23, 7.1.9 and 7.2.0.
PHP: 7.0.0 - 7.1.8
CPE2.3- cpe:2.3:a:php_group:php:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.9:*:*:*:*:*:*:*
https://bugs.php.net/bug.php?id=74103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Deserialization of untrusted data
EUVDB-ID: #VU8488
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of the user-input within unserialize () function. A remote attacker with ability to control input data can trigger denial of service (DoS) attack.
MitigationUpdate to version 7.0.23 or 7.1.9.
Vulnerable software versionsPHP: 7.0.0 - 7.1.8
CPE2.3- cpe:2.3:a:php_group:php:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:7.0.10:*:*:*:*:*:*:*
https://bugs.php.net/bug.php?id=75054
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
