Multiple vulnerabilities in PHP



Published: 2019-01-10 | Updated: 2019-01-21
Risk: High
Patch available: YES
Number of vulnerabilities: 20
CVE-ID: CVE-2018-19935, CVE-2019-6977, CVE-2016-10166
CWE-ID: CWE-476, CWE-125, CWE-122, CWE-617, CWE-120, CWE-388, CWE-787, CWE-191, CWE-264, CWE-835
Exploitation vector: Network
Public exploit: Public exploit code is available for vulnerabilities #1 through #14 and #16 through #20.
Vulnerable software: PHP (Universal components / Libraries / Scripting languages)
Vendor: PHP Group

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU16903

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists because `serialize` tries to get all properties of the class via `zend_get_properties_for` when serializing a class. A remote attacker can make `com` and `com_safearray_proxy` return NULL in `com_properties_get`, so that it crashes in `zend_array_count`, causing serializing or unserializing of COM objects to crash.

Mitigation

The vulnerability has been fixed in the versions 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 7.2.0 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77177


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Out-of-bounds read

EUVDB-ID: #VU16904

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in a second base64 implementation in ext/xmlrpc/libxmlrpc/base64.c in the PHP code. A remote attacker can supply bad base64 input, trigger a buffer over-read and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77380


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Heap out-of-bounds read

EUVDB-ID: #VU16905

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a heap out-of-bounds read when PHP is compiled with address sanitizer and USE_ZEND_ALLOC=0 is set. A remote attacker can supply specially crafted input to the function xmlrpc_decode(), trigger a heap buffer over-read and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77242


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Heap-based buffer overflow

EUVDB-ID: #VU16906

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a heap-based buffer overflow in phar_detect_phar_fname_ext. A remote attacker can supply specially crafted input, trigger memory corruption and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77247


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Assertion failure

EUVDB-ID: #VU16907

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a CFG assertion failure on multiple finalizing switch frees in one block. A remote attacker can supply specially crafted input and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 7.2.0 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77215


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Heap-based buffer overflow

EUVDB-ID: #VU16908

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a heap-based buffer overflow in utf32be_mbc_to_code. A remote attacker can pass an unterminated multibyte sequence to the regex match, trigger memory corruption and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77418


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Buffer overflow

EUVDB-ID: #VU16909

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a buffer overflow in fetch_token when using enclen on an incomplete multibyte character. A remote attacker can cause the returned pointer to point past the end of the buffer and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77385


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Heap-based buffer overflow

EUVDB-ID: #VU16910

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an incorrect length in expand_case_fold_string: the len field is calculated from enclen and is then used in onig_node_new_str, which is later passed to xmemcpy. A remote attacker can trigger a heap-based buffer overflow and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77382


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Heap-based buffer overflow

EUVDB-ID: #VU16911

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper handling of an incomplete multibyte character at the end of $pattern in mb_split and mb_ereg. A remote attacker can trigger a heap-based buffer overflow in multibyte match_at and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 7.1.0 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77381


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Heap-based buffer overflow

EUVDB-ID: #VU16912

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper handling of incomplete multibyte strings in $pattern in mb regex functions such as mb_ereg and mb_split. A remote attacker can trigger a heap-based buffer overflow in the mb regex functions (compile_string_node) and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77371


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Buffer overflow

EUVDB-ID: #VU16913

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper handling of incomplete multibyte strings in the $pattern of mb regex functions such as mb_split and mb_ereg. A remote attacker can trigger a buffer overflow in the mb regex functions (fetch_token) and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77370


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) NULL pointer dereference

EUVDB-ID: #VU16914

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19935

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error in imap_mail if the message argument is null. A remote attacker can trigger a NULL pointer dereference in imap_mail and cause the service to crash.

Mitigation

Update to versions 7.1.26, 7.2.14.

Vulnerable software versions

PHP: 7.1.0 - 7.2.13

External links

http://bugs.php.net/bug.php?id=77020


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Error handling

EUVDB-ID: #VU16915

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists because the imagecreatefromjpeg function improperly handles errors when passed a corrupt JPEG image. A remote attacker can supply a specially crafted JPEG image and cause the service to crash.

Mitigation

The vulnerability has been fixed in the versions 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 7.2.0 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77195


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

14) Out-of-bounds write

EUVDB-ID: #VU16916

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-6977

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an out-of-bounds write in imagecolormatch. A remote attacker can write up to 1200 bytes over the boundaries of a buffer allocated in the imagecolormatch function, which then calls gdImageColorMatch(), and execute arbitrary code with elevated privileges.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77270


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Integer underflow

EUVDB-ID: #VU7574

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10166

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise the vulnerable system.

The vulnerability exists due to an integer underflow when decrementing the "u" variable in the _gdContributionsAlloc() function in gd_interpolation.c. A remote attacker can create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.2.14, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77269


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Segmentation fault

EUVDB-ID: #VU16921

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a segfault when using SoapClient with null options. A remote attacker can trigger a segmentation fault and cause the service to crash.

Mitigation

Update to version 7.3.1.

Vulnerable software versions

PHP: 7.3.0 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77088


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

17) Segmentation fault

EUVDB-ID: #VU16920

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to SodiumException segfaults. A remote attacker can trigger a segmentation fault and cause the service to crash.

Mitigation

Update to version 7.3.1.

Vulnerable software versions

PHP: 7.3.0 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77297


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

18) Segmentation fault

EUVDB-ID: #VU16919

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists because the function spl_autoload converts the class name to lower case and later tries to free this string. A remote attacker can trigger a segfault in spl_autoload and cause the service to crash.

Mitigation

Update to version 7.3.1.

Vulnerable software versions

PHP: 7.3.0 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77359


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Infinite loop

EUVDB-ID: #VU16918

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an infinite loop in preg_replace_callback. A remote attacker can trigger the infinite loop and cause the service to crash.

Mitigation

Update to version 7.3.1.

Vulnerable software versions

PHP: 7.3.0 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77193


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

20) Buffer overflow

EUVDB-ID: #VU16917

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a boundary error when using mb regex functions such as mb_ereg and mb_split with a pattern containing (?i) and a string ending with an incomplete multibyte character. A remote attacker can trigger a buffer overflow in multibyte case folding (unicode) and cause the service to crash.
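Entries 7, 9, 10, 11 and 20 share one root cause: a scanner trusts the length implied by a multibyte lead byte (an enclen-style value) without comparing it to the bytes that remain. The C sketch below is an added illustration, not code from PHP or its regex library; UTF-8, the function names and the sample byte strings are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Sequence length implied by a UTF-8 lead byte, as an enclen-style helper
 * would report it (hypothetical helper, UTF-8 assumed). */
static size_t lead_len(unsigned char b)
{
    if (b < 0x80) return 1;
    if ((b & 0xE0) == 0xC0) return 2;
    if ((b & 0xF0) == 0xE0) return 3;
    if ((b & 0xF8) == 0xF0) return 4;
    return 1; /* stray continuation or invalid byte: one unit */
}

/* Unchecked stepping: advance by the declared length only.
 * Returns the offset the scanner stops at. A result greater than len
 * means code that reads or copies "the whole character" would have gone
 * past the end of the buffer. Only offsets are computed here, so this
 * model itself never touches out-of-range memory. */
size_t scan_unchecked(const unsigned char *s, size_t len)
{
    size_t off = 0;
    while (off < len)
        off += lead_len(s[off]);
    return off;
}

/* Checked stepping: reject a sequence that is truncated or whose
 * trailing bytes are not continuation bytes.
 * Returns 0 and stores the character count, or -1 on malformed input. */
int scan_checked(const unsigned char *s, size_t len, size_t *nchars)
{
    size_t off = 0, n = 0;
    while (off < len) {
        size_t need = lead_len(s[off]);
        if (need > len - off)
            return -1; /* incomplete multibyte character at end */
        for (size_t i = 1; i < need; i++)
            if ((s[off + i] & 0xC0) != 0x80)
                return -1; /* missing continuation byte */
        off += need;
        n++;
    }
    *nchars = n;
    return 0;
}

/* Constructed sample inputs (not taken from the bug reports). */
const unsigned char sample_complete[]  = { 'a', 0xC3, 0xA9 }; /* "a" + 2-byte char */
const unsigned char sample_truncated[] = { 'a', 0xE3, 0x81 }; /* 3-byte char cut short */

int main(void)
{
    size_t n = 0;
    printf("complete:  unchecked stops at %zu of %zu, checked rc=%d\n",
           scan_unchecked(sample_complete, sizeof sample_complete),
           sizeof sample_complete,
           scan_checked(sample_complete, sizeof sample_complete, &n));
    printf("truncated: unchecked stops at %zu of %zu, checked rc=%d\n",
           scan_unchecked(sample_truncated, sizeof sample_truncated),
           sizeof sample_truncated,
           scan_checked(sample_truncated, sizeof sample_truncated, &n));
    return 0;
}
```

On unpatched versions, the same check can be applied to untrusted patterns and subjects in PHP with `mb_check_encoding()` before they reach the mb regex functions.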

Mitigation

The vulnerability has been fixed in the versions 5.6.40, 7.1.26, 7.3.1.

Vulnerable software versions

PHP: 5.5.6 - 7.3.0beta3

External links

http://bugs.php.net/bug.php?id=77394


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


