PHP Multiple Heap Buffer Overflow Vulnerabilities
BID:104871
CVE-2018-14851 | CVE-2018-14883
| Bugtraq ID: | 104871 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2018-14851 CVE-2018-14883 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 19 2018 12:00AM |
| Updated: | Oct 30 2018 03:00PM |
| Credit: | Kaiyi and Geeknik. |
| Vulnerable: | PHP 7.2.7, PHP 7.2.5, PHP 7.2.4, PHP 7.2.3, PHP 7.2.2, PHP 7.2.1, PHP 7.2, PHP 7.1.17, PHP 7.1.16, PHP 7.1.13, PHP 7.1.12, PHP 7.1.11, PHP 7.1.8, PHP 7.1.7, PHP 7.1.6, PHP 7.1.5, PHP 7.1.4, PHP 7.1.1, PHP 7.1, PHP 7.0.30, PHP 7.0.29, PHP 7.0.27, PHP 7.0.26, PHP 7.0.25, PHP 7.0.22, PHP 7.0.21, PHP 7.0.17, PHP 7.0.16, PHP 7.0.15, PHP 7.0.14, PHP 7.0.12, PHP 7.0.5, PHP 7.0.3, PHP 5.6.36, PHP 5.6.35, PHP 5.6.33, PHP 5.6.32, PHP 5.6.31, PHP 5.6.30, PHP 5.6.29, PHP 5.6.27, PHP 5.6.22, PHP 5.6.21, PHP 5.6.20, PHP 5.6.19, PHP 5.6.18, PHP 5.6.17, PHP 5.6.13, PHP 5.6.12, PHP 5.6.11, PHP 5.6.5, PHP 5.6.4, PHP 5.6.1, PHP 5.6, PHP 7.1.3, PHP 7.1.2, PHP 7.1.14, PHP 7.0.9, PHP 7.0.8, PHP 7.0.7, PHP 7.0.6, PHP 7.0.4, PHP 7.0.2, PHP 7.0.13, PHP 7.0.11, PHP 7.0.10, PHP 7.0.1, PHP 5.6.9, PHP 5.6.8, PHP 5.6.7, PHP 5.6.6, PHP 5.6.34, PHP 5.6.3, PHP 5.6.28, PHP 5.6.26, PHP 5.6.25, PHP 5.6.24, PHP 5.6.23, PHP 5.6.2, PHP 5.6.14, PHP 5.6.10, Oracle Solaris 11.4, Oracle Solaris 11.3 |
| Not Vulnerable: | PHP 7.2.8, PHP 7.1.20, PHP 7.0.31, PHP 5.6.37, Oracle Solaris 11.4 SRU 2, Oracle Solaris 11.3 LSU 36 |
Discussion
PHP is prone to multiple heap-based buffer-overflow vulnerabilities.
Successfully exploiting these issues allows remote attackers to crash the affected application, denying service to legitimate users. Due to the nature of these issues, code execution may be possible, but this has not been confirmed.
Versions prior to PHP 5.6.37, 7.1.20, 7.2.8, and 7.0.31 are vulnerable.
Exploit / POC
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: