#VU13422 Segmentation fault in PHP
Published: June 22, 2018 / Updated: June 25, 2018
Vulnerability identifier: #VU13422
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
PHP
PHP
Software vendor:
PHP Group
PHP Group
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to segmentation fault when trying to get the current from an invalid iterator. A remote attacker can try to get the current from an invalid iterator, trigger segfault and cause the service to crash.
The weakness exists due to segmentation fault when trying to get the current from an invalid iterator. A remote attacker can try to get the current from an invalid iterator, trigger segfault and cause the service to crash.
Remediation
Update to version 7.1.19, 7.2.7.