SB2019020807 - Multiple vulnerabilities in PHP
Published: February 8, 2019
Description
This security bulletin contains information about 14 vulnerabilities.
1) Segmentation fault (CVE-ID: N/A)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a flaw when two RecursiveFilterIterator instances are added to a RecursiveDirectoryIterator. A remote attacker can trigger a segmentation fault and cause the service to crash.
2) Memory corruption (CVE-ID: N/A)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a boundary error in the function zend_cpu_supports_avx2(). A remote attacker can trigger memory corruption that may cause a segfault and lead to denial of service.
3) Denial of service (CVE-ID: N/A)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to an error when calling realpath in an invalid working directory. A remote attacker can cause the Zend engine to crash.
4) Segmentation fault (CVE-ID: N/A)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a flaw when using `CURLOPT_WRITEFUNCTION` and `CURLOPT_HEADERFUNCTION` in `CURLMOPT_PUSHFUNCTION`. A remote attacker can trigger a segmentation fault and cause the service to crash.
5) Denial of service (CVE-ID: N/A)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to an unspecified flaw. A remote attacker can cause php-fpm to crash with the message `Main process exited, code=dumped, status=11/SEGV`.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition on the target system.
The weakness exists due to a memory leak in unbuffered queries. A remote attacker can gain access to arbitrary data or cause the service to crash.
7) Assertion failure (CVE-ID: N/A)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a failed assertion in dce_live_ranges. A remote attacker can trigger the assertion failure and cause the service to crash.
8) Segmentation fault (CVE-ID: N/A)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a flaw that occurs when the "Advanced Editor" plugin of the BBS software Vanilla is used with an empty cache (that is, the application's internal caching engine): the button row is missing. A remote attacker can trigger a segmentation fault in zend_gc_addref and cause the service to crash.
9) Segmentation fault (CVE-ID: N/A)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a flaw that occurs when the "Advanced Editor" plugin of the BBS software Vanilla is used with an empty cache (that is, the application's internal caching engine): the button row is missing. A remote attacker can trigger a segmentation fault with a persistent connection and cause the service to crash.
10) Segmentation fault (CVE-ID: N/A)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a segmentation fault when executing a method with an empty parameter. A remote attacker can cause the service to crash.
11) Segmentation fault (CVE-ID: N/A)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a segmentation fault when adding a property to an unserialized ArrayObject. A remote attacker can cause the service to crash.
12) Segmentation fault (CVE-ID: N/A)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a segmentation fault involving array_multisort. A remote attacker can cause the service to crash.
13) Segmentation fault (CVE-ID: N/A)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists because parse_str segfaults when inserting an item into an existing array. A remote attacker can cause the service to crash.
14) Denial of service (CVE-ID: N/A)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a flaw when an expression such as `(2)::class` (with brackets) is parsed in source code. A remote attacker can trigger a segmentation fault and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://bugs.php.net/bug.php?id=77263
- https://bugs.php.net/bug.php?id=77447
- https://bugs.php.net/bug.php?id=77484
- https://bugs.php.net/bug.php?id=76675
- https://bugs.php.net/bug.php?id=77430
- https://bugs.php.net/bug.php?id=77308
- https://bugs.php.net/bug.php?id=77266
- https://bugs.php.net/bug.php?id=77434
- https://bugs.php.net/bug.php?id=77289
- https://bugs.php.net/bug.php?id=77410
- https://bugs.php.net/bug.php?id=77298
- https://bugs.php.net/bug.php?id=77395
- https://bugs.php.net/bug.php?id=77439
- https://bugs.php.net/bug.php?id=77530