PHP Multiple Security Vulnerabilities
BID:104019
CVE-2018-10546 | CVE-2018-10548 | CVE-2018-10549
| Bugtraq ID: | 104019 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2018-10546 CVE-2018-10549 CVE-2018-10548 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 27 2018 12:00AM |
| Updated: | Apr 27 2018 12:00AM |
| Credit: | cyoung, p dot mehrer and cpicard |
| Vulnerable: | PHP 7.2.3, PHP 7.2.2, PHP 7.2.1, PHP 7.1.13, PHP 7.1.12, PHP 7.1.11, PHP 7.1.8, PHP 7.1.7, PHP 7.1.6, PHP 7.1.5, PHP 7.1.4, PHP 7.1.1, PHP 7.1, PHP 7.0.27, PHP 7.0.26, PHP 7.0.25, PHP 7.0.22, PHP 7.0.21, PHP 7.0.17, PHP 7.0.16, PHP 7.0.15, PHP 7.0.14, PHP 7.0.12, PHP 7.0.5, PHP 7.0.3, PHP 5.6.33, PHP 5.6.32, PHP 5.6.31, PHP 5.6.30, PHP 5.6.29, PHP 5.6.27, PHP 5.6.22, PHP 5.6.21, PHP 5.6.20, PHP 5.6.19, PHP 5.6.18, PHP 5.6.17, PHP 5.6.13, PHP 5.6.12, PHP 5.6.11, PHP 5.6.1, PHP 7.2, PHP 7.1.3, PHP 7.1.14, PHP 7.1, PHP 7.0.9, PHP 7.0.8, PHP 7.0.7, PHP 7.0.6, PHP 7.0.4, PHP 7.0.2, PHP 7.0.13, PHP 7.0.11, PHP 7.0.10, PHP 7.0.1, PHP 7.0, PHP 5.6.34, PHP 5.6.3, PHP 5.6.28, PHP 5.6.26, PHP 5.6.25, PHP 5.6.24, PHP 5.6.23, PHP 5.6.2, PHP 5.6.14, PHP 5.6.10, PHP 5.0 |
| Not Vulnerable: | PHP 7.2.5, PHP 7.1.17, PHP 7.0.30, PHP 5.6.36 |
Discussion
PHP is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
The following products are affected:
PHP 7.2 prior to 7.2.5
PHP 7.1 prior to 7.1.17
PHP 7.0 prior to 7.0.30
PHP 5.0 prior to 5.6.36
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
- PHP 5 ChangeLog (PHP)
- PHP Homepage (PHP)
- #76130 Heap Buffer Overflow (READ: 1786) in exif_iif_add_value (PHP)
- #76143 Memory corruption: arbitrary NUL overwrite (PHP)
- #76248 Malicious LDAP-Server Response causes Crash (PHP)
- #76249 stream filter convert.iconv leads to infinite loop on invalid sequence (PHP)
- Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution (Cisecurity)
- PHP 7 ChangeLog (PHP)