SB2018071908 - Multiple vulnerabilities in PHP

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Memory leak (CVE-ID: N/A)

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists due to a memory leak when creating a large amount of objects without storing them. A remote attacker can execute the script as an HTTP request, cause memory usage to keep increasing and gain access to arbitrary data or cause the service to crash.

2) Memory corruption (CVE-ID: CVE-2018-14883)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to integer overflow when processing exif_read_data in any 32-bit system. A remote attacker can trigger heap-based buffer overflow in exif_thumbnail_extract of exif.c and cause the service to crash.

3) Heap-based buffer overflow (CVE-ID: CVE-2018-14851)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to heap-based buffer overflow (READ of size 48) while reading exif data. A remote attacker can trigger memory corruption and cause the service to crash.

4) Segmentation fault (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to integer underflow when unserializing a specially crafted malformed GMP. A remote attacker can segmentation fault and cause the service to crash.

5) Integer overflow (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to Integer overflow when mb_strimwidth returns an empty string for $width > 2147483647. A remote attacker can trigger resource exhaustion in mb_strimwidthc and cause the service to crash.

6) Error handling (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when throwing exception in error handler. A remote attacker can cause the service to crash.

7) Error handling (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a fatal 'Illegal string offset' error when using array assignment on a string reference. A remote attacker can use an error handler that converts errors to exceptions and cause the service to hang.

Remediation

Install update from vendor's website.

References

• https://bugs.php.net/bug.php?id=76520
• https://bugs.php.net/bug.php?id=76423
• https://bugs.php.net/bug.php?id=76557
• https://bugs.php.net/bug.php?id=74670
• https://bugs.php.net/bug.php?id=76532
• https://bugs.php.net/bug.php?id=76536
• https://bugs.php.net/bug.php?id=76534