Multiple vulnerabilities in PHP



Published: 2018-12-07
Risk Low
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2018-19935
CVE-2018-19158
CWE-ID CWE-264
CWE-476
CWE-78
CWE-122
CWE-835
CWE-20
CWE-119
CWE-611
CWE-401
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #13 is available.
Public exploit code for vulnerability #14 is available.
Public exploit code for vulnerability #15 is available.
Vulnerable software
PHP
Universal components / Libraries / Scripting languages

Vendor PHP Group

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Segmentation fault

EUVDB-ID: #VU16314

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segfault when using the convert.quoted-printable-encode filter. A remote attacker can trigger a segmentation fault and cause the service to crash.

Mitigation

The vulnerability has been addressed in the versions 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0.

Vulnerable software versions

PHP: 5.6.0 - 7.2.12

External links

http://bugs.php.net/bug.php?id=77231


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) NULL pointer dereference

EUVDB-ID: #VU16315

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19935

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a NULL pointer dereference in _php_imap_mail caused by an improper check of the message. A remote attacker can supply a specially crafted message, trigger a NULL pointer dereference and cause the service to crash.

Mitigation

The vulnerability has been addressed in the versions 5.6.39, 7.0.33, 7.3.0.

Vulnerable software versions

PHP: 5.6.0 - 7.0.32

External links

http://bugs.php.net/bug.php?id=77020


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) OS command injection

EUVDB-ID: #VU16316

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19158

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The weakness exists due to OS command injection in imap_open. A remote attacker can bypass disabled exec functions in PHP and run arbitrary shell commands via the mailbox parameter.

Mitigation

The vulnerability has been addressed in the versions 5.6.39, 7.0.33, 7.1.25, 7.3.0.
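
As a defense-in-depth measure for code that derives any part of the imap_open mailbox parameter from request data, the string can be assembled from separately validated components instead of being accepted whole. The following is an added example, not code from this bulletin or from the PHP project; the helper name build_imap_mailbox, the flag allow-list and the sample inputs are assumptions made for illustration, and upgrading to a fixed version remains the actual remedy.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of PHP): assemble the imap_open() mailbox
// string from validated parts, never from a raw user-supplied string.
function build_imap_mailbox(string $host, int $port, array $flags, string $folder = 'INBOX'): string
{
    // Host: plain DNS labels only, so no whitespace, braces, slashes or leading '-'.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    if (strlen($host) > 253 || !preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/', $host)) {
        throw new InvalidArgumentException('invalid IMAP host');
    }
    if ($port < 1 || $port > 65535) {
        throw new InvalidArgumentException('invalid IMAP port');
    }
    // Connection flags: fixed allow-list (an assumption; extend to what you use).
    $allowed = ['imap', 'ssl', 'tls', 'notls', 'validate-cert', 'readonly'];
    foreach ($flags as $flag) {
        if (!in_array($flag, $allowed, true)) {
            throw new InvalidArgumentException('IMAP flag not allowed');
        }
    }
    // Folder: conservative character set, no braces or control characters.
    if (!preg_match('/\A[A-Za-z0-9 ._\/-]{1,128}\z/', $folder)) {
        throw new InvalidArgumentException('invalid IMAP folder');
    }
    // Always add c-client's /norsh flag so no rsh/ssh pre-authenticated session is attempted.
    $flags = array_values(array_unique(array_merge($flags, ['norsh'])));
    return sprintf('{%s:%d/%s}%s', $host, $port, implode('/', $flags), $folder);
}

// Constructed sample inputs: one well-formed, three that must be rejected.
$samples = [
    ['mail.example.org', 993, ['imap', 'ssl'], 'INBOX'],
    ['mail.example.org extra-token', 993, ['imap'], 'INBOX'],
    ['mail.example.org', 993, ['imap', 'debug'], 'INBOX'],
    ['mail.example.org', 993, ['imap'], "INBOX}\n"],
];
foreach ($samples as [$host, $port, $flags, $folder]) {
    try {
        // The returned string is what would be passed as imap_open()'s first argument.
        echo build_imap_mailbox($host, $port, $flags, $folder), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```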

Vulnerable software versions

PHP: 5.6.0 - 7.1.24

External links

http://bugs.php.net/bug.php?id=77153


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Heap-based buffer overflow

EUVDB-ID: #VU16317

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a heap-based buffer overflow found while fuzzing with AFL using an ASAN-instrumented PHP. A remote attacker can disable the ZEND allocator, use ASAN (or valgrind, etc.) with a crafted phar as input, trigger memory corruption and cause the service to crash.

Mitigation

The vulnerability has been addressed in the versions 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0.

Vulnerable software versions

PHP: 5.6.0 - 7.2.12

External links

http://bugs.php.net/bug.php?id=77143


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Segmentation fault

EUVDB-ID: #VU16318

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segfault when removing the part "<soap:header message="tns:requestheader" part="id" use="literal"/>" from the WSDL used by SoapClient. A remote attacker can trigger WSDL_CACHE_MEMORY and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 7.1.25, 7.2.13.

Vulnerable software versions

PHP: 7.1.0 - 7.2.12

External links

http://bugs.php.net/bug.php?id=76348


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Infinite loop

EUVDB-ID: #VU16319

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an infinite loop that occurs when Opcache is enabled; the test script works fine without Opcache. A remote attacker can trigger the loop with Opcache enabled and cause the service to crash.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 7.3.0alpha1

External links

http://bugs.php.net/bug.php?id=76466


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Improper input validation

EUVDB-ID: #VU16320

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error that occurs if response headers have already been sent or when calling session_id($id) before session_start(). A remote attacker can send response headers and cause the service to crash.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 7.1.0 - 7.1.25

External links

http://bugs.php.net/bug.php?id=74941


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Segmentation fault

EUVDB-ID: #VU16321

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segmentation fault. A remote attacker can trigger recursion and cause the service to crash.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 7.1.0 - 7.2.13

External links

http://bugs.php.net/bug.php?id=74977


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Memory corruption

EUVDB-ID: #VU16322

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a boundary error. A remote attacker can trigger memory corruption and a segmentation fault to cause the service to crash.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=76818


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Segmentation fault

EUVDB-ID: #VU16323

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segfault while running PHPUnit tests of one of the libraries. A remote attacker can trigger a segmentation fault to cause the service to crash.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 7.3.0beta1

External links

http://bugs.php.net/bug.php?id=76713


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) XXE attack

EUVDB-ID: #VU16324

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct an XXE attack on the target system.

The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the victim into opening an XML file that submits malicious input and cause the XML parser to stop parsing and xml_get_error_code() to return XML_ERROR_EXTERNAL_ENTITY_HANDLING.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 5.6.18 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=71592


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Memory leak

EUVDB-ID: #VU16325

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to memory leaks in zend_register_functions(), specifically in the section related to the new code. A remote attacker can trigger memory leaks to cause the service to crash.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 7.2.0 - 7.2.13

External links

http://bugs.php.net/bug.php?id=75683


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Segmentation fault

EUVDB-ID: #VU16326

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segfault found while fuzzing typed properties but reproducible on master. A remote attacker can trigger a segmentation fault with the divide-assign op and __get + __set to cause the service to crash.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 7.3.0alpha4

External links

http://bugs.php.net/bug.php?id=76667


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

14) Security restrictions bypass

EUVDB-ID: #VU16327

Risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to a protected method overriding a private one. A remote attacker can bypass the protected method accessibility check.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=76869


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Security restrictions bypass

EUVDB-ID: #VU16328

Risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because BCMath reports some errors and warnings (such as "exponent too large in raise") by writing directly to stderr. A remote attacker can bypass PHP's error handling.

Mitigation

Update to version 7.3.0.

Vulnerable software versions

PHP: 7.0.23

External links

http://bugs.php.net/bug.php?id=75169


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


