Multiple vulnerabilities in PHP



Published: 2018-07-19
Risk: Low
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2018-14883, CVE-2018-14851
CWE-ID: CWE-401, CWE-122, CWE-190, CWE-191, CWE-400, CWE-388
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: PHP (Universal components / Libraries / Scripting languages)
Vendor: PHP Group

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU13914

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition on the target system.

The weakness exists due to a memory leak when a large number of objects are created without being stored. A remote attacker can execute the script via an HTTP request, cause memory usage to keep increasing, and gain access to arbitrary data or cause the service to crash.

Mitigation

Update to version 7.2.8.

Vulnerable software versions

PHP: 7.2.0 - 7.2.7

External links

http://bugs.php.net/bug.php?id=76520


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory corruption

EUVDB-ID: #VU13915

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14883

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an integer overflow when exif_read_data is processed on any 32-bit system. A remote attacker can trigger a heap-based buffer overflow in exif_thumbnail_extract of exif.c and cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 5.6.37, 7.0.31, 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 5.6.36 - 7.2.7

External links

http://bugs.php.net/bug.php?id=76423


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU13916

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14851

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a heap-based buffer overflow (READ of size 48) while reading EXIF data. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 5.6.37, 7.0.31, 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 5.6.36 - 7.2.7

External links

http://bugs.php.net/bug.php?id=76557


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Segmentation fault

EUVDB-ID: #VU13917

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an integer underflow when unserializing a specially crafted malformed GMP object. A remote attacker can trigger a segmentation fault and cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 7.1.19 - 7.2.7

External links

http://bugs.php.net/bug.php?id=74670


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU13918

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an integer overflow when mb_strimwidth returns an empty string for $width > 2147483647. A remote attacker can trigger resource exhaustion in mb_strimwidth and cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 7.1.19 - 7.2.7

External links

http://bugs.php.net/bug.php?id=76532


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Error handling

EUVDB-ID: #VU13919

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a flaw when an exception is thrown in an error handler. A remote attacker can cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 7.1.19 - 7.2.7

External links

http://bugs.php.net/bug.php?id=76536


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Error handling

EUVDB-ID: #VU13920

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a fatal 'Illegal string offset' error when using array assignment on a string reference. A remote attacker can use an error handler that converts errors to exceptions and cause the service to hang.

Mitigation

The vulnerability is addressed in the versions 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 7.1.19 - 7.2.7

External links

http://bugs.php.net/bug.php?id=76534


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
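A version check built from the Mitigation lines of the seven entries above, added here as an example and not part of the original bulletin. It compares an installed version only against the fixed release on its own branch, because a plain range test such as "5.6.36 - 7.2.7" would wrongly flag the fixed releases 7.0.31 and 7.1.20. The function names are hypothetical, and flagging every release below the fixed one on a listed branch (including releases older than the range start the bulletin prints) is an assumption.

```python
import re

# First fixed release per branch, copied from each entry's "Mitigation" line.
ALL_BRANCHES = {"5.6": (5, 6, 37), "7.0": (7, 0, 31), "7.1": (7, 1, 20), "7.2": (7, 2, 8)}
NEWER_BRANCHES = {"7.1": (7, 1, 20), "7.2": (7, 2, 8)}
FIXED_IN = {  # key: entry number in this bulletin
    1: {"7.2": (7, 2, 8)},
    2: ALL_BRANCHES, 3: ALL_BRANCHES,
    4: NEWER_BRANCHES, 5: NEWER_BRANCHES, 6: NEWER_BRANCHES, 7: NEWER_BRANCHES,
}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as '7.1.19-0ubuntu0.18.04.1'."""
    m = re.match(r"\s*(?:PHP\s+)?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised PHP version: {text!r}")
    return tuple(int(g) for g in m.groups())

def missing_fixes(version_text):
    """Return {entry number: fixed release} for entries whose fix this version lacks.

    Assumption: a branch with no fixed release listed for an entry is treated
    as not covered by that entry, since the bulletin does not list it.
    """
    version = parse_version(version_text)
    branch = f"{version[0]}.{version[1]}"
    result = {}
    for entry, fixes in FIXED_IN.items():
        fixed = fixes.get(branch)
        # Compare within the same branch only: 7.1.20 is fixed even though
        # it sorts below 7.2.7, the upper end of the printed range.
        if fixed is not None and version < fixed:
            result[entry] = ".".join(map(str, fixed))
    return result

if __name__ == "__main__":
    # Constructed sample inputs, e.g. taken from `php -v` or a package inventory.
    for v in ["7.2.7", "7.1.20", "7.0.30", "5.6.36", "PHP 7.2.8 (cli)"]:
        print(v, "->", missing_fixes(v) or "no listed fix missing")
```

Distribution packages often backport fixes without changing the upstream version number, so a hit from this check should be confirmed against the package changelog.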


