Segmentation fault in PHP - #VU13422
Published: June 22, 2018 / Updated: June 25, 2018
Vulnerability identifier: #VU13422
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PHP Group
Affected software:
PHP
PHP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to segmentation fault when trying to get the current from an invalid iterator. A remote attacker can try to get the current from an invalid iterator, trigger segfault and cause the service to crash.
The weakness exists due to segmentation fault when trying to get the current from an invalid iterator. A remote attacker can try to get the current from an invalid iterator, trigger segfault and cause the service to crash.
Remediation
Update to version 7.1.19, 7.2.7.