Fedora 28 update for php
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-19935 CVE-2018-19518 |
| CWE-ID | CWE-476 CWE-77 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system php Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU16914
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19935
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an error in imap_mail if message args is null. A remote attacker can trigger NULL pointer dereference in imap_mail and cause the service to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 28
php: before 7.2.13-2.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-dfe1f0bac6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) NULL pointer dereference
EUVDB-ID: #VU16315
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19935
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to NULL pointer dereference in _php_imap_mail when improper check of wheater message. A remote attacker can supply specially crafted message, trigger NULL pointer dereference and cause the service to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 28
php: before 7.2.13-2.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-dfe1f0bac6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Command injection
EUVDB-ID: #VU16067
Risk: Low
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2018-19518
CWE-ID:
CWE-77 - Command injection
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to inject and execute arbitrary commands.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 28
php: before 7.2.13-2.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-dfe1f0bac6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
