Infinite loop in php5 (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-5711 |
| CWE-ID | CWE-835 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
php5 (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Infinite loop
EUVDB-ID: #VU10390
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5711
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a local unauthenticated attacker to cause DoS condition.
The vulnerability exists in PHP GD Graphics Library due to insufficient sanitization of user-supplied data. A local attacker can submit a specially crafted GIF, trigger an infinite loop and cause the service to crash.
MitigationInstall update from vendor's website.
Vulnerable software versionsphp5 (Alpine package): 5.6.30-r0 - 5.6.40-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=3deb517cec296a32e5b25f1a75a48c2026a44af4
http://git.alpinelinux.org/aports/commit/?id=aad758e364da9a69d0d519b619cc6eb2c7d150f8
http://git.alpinelinux.org/aports/commit/?id=0a3f40e0ea5d2b68f902eb4528b17327939ee400
http://git.alpinelinux.org/aports/commit/?id=2af60a5c6e7e457381ff31c346871e7c51812cfa
http://git.alpinelinux.org/aports/commit/?id=34bc5f16da72bed7c42423c3cfe3cc93fc529c46
http://git.alpinelinux.org/aports/commit/?id=451ff1929d8530ffbceb863acaeb212e545c3080
http://git.alpinelinux.org/aports/commit/?id=478332a5a162445bc68e54ef4138ae2a6af382d8
http://git.alpinelinux.org/aports/commit/?id=4a7ccf578f5caf82b4c9120ac266ff49f245549a
http://git.alpinelinux.org/aports/commit/?id=51a3714b5e5cf29bd19d94539add9f98b4a86572
http://git.alpinelinux.org/aports/commit/?id=3836f8ef34d4289d53a268aa6da65cee41c80976
http://git.alpinelinux.org/aports/commit/?id=e98955a2f39f18ae1b42e7fd84f8bbcd4d533690
http://git.alpinelinux.org/aports/commit/?id=c85efb30e1a0fd2e5950c1d99484261caa16779c
http://git.alpinelinux.org/aports/commit/?id=f72329a49b77be5d910dd4f7e923ea3d0fda939b
http://git.alpinelinux.org/aports/commit/?id=39dff559c574e02ce16541bd4875f79ebe1d9e1c
http://git.alpinelinux.org/aports/commit/?id=5e4dbc0d75238b02e3ad3bd55b5ac3a8b74bab3a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
