#VU12257 Infinite loop in PHP


Published: 2018-04-26 | Updated: 2018-05-02

Vulnerability identifier: #VU12257

Vulnerability risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-10546

CWE-ID: CWE-835

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop. A remote attacker can use a stream filter with convert.iconv and not enough input bytes, trigger an infinite loop, one CPU Core at 100% and cause the service to crash.

Mitigation
The vulnerability is addressed in the following versions: 5.6.36, 7.1.17, 7.2.5 and 7.0.30.

Vulnerable software versions

PHP: 7.2.0 - 7.2.4, 7.0.0 - 7.0.29, 5.6.0 - 5.6.35, 5.5.6, 7.1.0 - 7.1.16

External links
http://bugs.php.net/bug.php?id=76249

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Gentoo update for PHP
Infinite loop in php7 (Alpine package)
Debian update for php7.0
OpenSUSE Linux update for php5
Slackware Linux update for php
Amazon Linux AMI update for php56, php70, php71
OpenSUSE Linux update for php7
SUSE Linux update for php7
Multiple vulnerabilities in PHP
Red Hat update for 389-ds-base