Multiple vulnerabilities in PHP

Published: 2018-12-07 16:09:53
Severity: Low
Patch available: YES
Number of vulnerabilities: 15
CVE ID: CVE-2018-19935
CVE-2018-19158
CVSSv3: 6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
8.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
6.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
6.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CWE ID: CWE-264
CWE-476
CWE-78
CWE-122
CWE-835
CWE-20
CWE-119
CWE-611
CWE-401
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #13 is available.
Public exploit code for vulnerability #14 is available.
Public exploit code for vulnerability #15 is available.
Vulnerable software: PHP
Vulnerable software versions: PHP 5.6.38
PHP 5.6.37
PHP 5.6.36

Vendor URL: PHP Group

Security Advisory

1) Segmentation fault

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segfault when using the convert.quoted-printable-encode filter. A remote attacker can trigger a segmentation fault and cause the service to crash.

Remediation

The vulnerability has been addressed in versions 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0.

External links

https://bugs.php.net/bug.php?id=77231

2) NULL pointer dereference

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a NULL pointer dereference in _php_imap_mail caused by an improper check of the message. A remote attacker can supply a specially crafted message, trigger a NULL pointer dereference and cause the service to crash.

Remediation

The vulnerability has been addressed in versions 5.6.39, 7.0.33, 7.3.0.

External links

https://bugs.php.net/bug.php?id=77020

3) OS command injection

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The weakness exists due to OS command injection in imap_open. A remote attacker can bypass disabled exec functions in PHP and run arbitrary shell commands via the mailbox parameter.

Remediation

The vulnerability has been addressed in versions 5.6.39, 7.0.33, 7.1.25, 7.3.0.

External links

https://bugs.php.net/bug.php?id=77153
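
Alongside the upgrade, callers can stop passing request-derived strings to imap_open as the mailbox parameter. The following is an added example, not code from this advisory or from the PHP project: the helper name build_mailbox, the allow-list and the sample hosts are hypothetical, and it assumes PHP 7.0 or later and an application that only needs IMAP over TLS to known servers.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: build the imap_open() mailbox string from validated
 * parts instead of forwarding a caller-supplied mailbox string.
 */
function build_mailbox(string $host, int $port, string $folder, array $allowedHosts): string
{
    $host = strtolower($host);
    // Host must equal an allow-list entry exactly; no pattern matching.
    if (!in_array($host, $allowedHosts, true)) {
        throw new InvalidArgumentException('IMAP host is not on the allow-list');
    }
    if ($port < 1 || $port > 65535) {
        throw new InvalidArgumentException('IMAP port out of range');
    }
    // Folder: conservative character set only, so braces, whitespace and
    // option-like tokens cannot reach the mailbox specification.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._\/-]{0,63}\z/', $folder) !== 1) {
        throw new InvalidArgumentException('IMAP folder name rejected');
    }
    return sprintf('{%s:%d/imap/ssl}%s', $host, $port, $folder);
}

// Constructed sample values for illustration only.
$allowed = ['imap.example.org'];
$samples = [
    ['imap.example.org', 993, 'INBOX'],        // allow-listed host, plain folder
    ['imap.example.org', 993, 'Archive/2018'], // allow-listed host, nested folder
    ['mail.other.test', 993, 'INBOX'],         // host missing from the allow-list
    ['imap.example.org', 993, 'IN BOX}x'],     // folder with a space and a brace
];

foreach ($samples as $sample) {
    list($host, $port, $folder) = $sample;
    try {
        // A real caller would pass the returned string to imap_open().
        echo build_mailbox($host, $port, $folder, $allowed), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```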

4) Heap-based buffer overflow

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a heap-based buffer overflow found while fuzzing with AFL using an ASAN-instrumented PHP. A remote attacker can disable the ZEND allocator, use ASAN (or valgrind, etc.) with a crafted phar as input, trigger memory corruption and cause the service to crash.

Remediation

The vulnerability has been addressed in versions 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0.

External links

https://bugs.php.net/bug.php?id=77143

5) Segmentation fault

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segfault when removing part "" wsdl SoapClient. A remote attacker can trigger WSDL_CACHE_MEMORY and cause the service to crash.

Remediation

The vulnerability has been fixed in versions 7.1.25, 7.2.13.

External links

https://bugs.php.net/bug.php?id=76348

6) Infinite loop

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an infinite loop. The test script works fine without Opcache, but with Opcache enabled a remote attacker can cause the service to crash.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=76466

7) Improper input validation

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error if response headers have already been sent or when calling session_id($id) before session_start(). A remote attacker can send response headers and cause the service to crash.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=74941

8) Segmentation fault

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segmentation fault. A remote attacker can trigger recursion and cause the service to crash.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=74977

9) Memory corruption

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a boundary error. A remote attacker can trigger memory corruption and a segmentation fault to cause the service to crash.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=76818

10) Segmentation fault

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segfault while running the PHPUnit tests of one of the libraries. A remote attacker can trigger a segmentation fault to cause the service to crash.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=76713

11) XXE attack

Description

The vulnerability allows a remote attacker to conduct an XXE attack on the target system.

The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the victim into opening an XML file that submits malicious input and cause the XML parser to stop parsing and xml_get_error_code() to return XML_ERROR_EXTERNAL_ENTITY_HANDLING.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=71592

12) Memory leak

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to memory leaks in zend_register_functions(), specifically the section related to the new code. A remote attacker can trigger memory leaks to cause the service to crash.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=75683

13) Segmentation fault

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segfault found while fuzzing typed properties but reproducible on master. A remote attacker can trigger a segmentation fault with the divide-assign op and __get + __set to cause the service to crash.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=76667

14) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because a protected method overrides a private one. A remote attacker can bypass the protected method accessibility check.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=76869

15) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because BCMath reports some errors and warnings (such as "exponent too large in raise") by writing directly to stderr. A remote attacker can bypass PHP's error handling.

Remediation

Update to version 7.3.0.

External links

https://bugs.php.net/bug.php?id=75169
