ALT-PU-2019-1423-1 — php7-openssl

BDU:2020-01570

HIGH7.5

Уязвимость интерпретатора PHP, связанная с ошибками управлением ключами, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-04-16

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2019-9637

BDU:2020-03140

HIGH7.5

Уязвимость функции exif_process_SOFn расширения EXIF интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-07-07

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:N

References

CVE-2019-9640

BDU:2020-03141

MEDIUM5.9

Уязвимость функции exif_process_IFD_in_MAKERNOTE расширения EXIF интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-07-07

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:N

References

CVE-2019-9638

BDU:2020-03142

MEDIUM5.9

Уязвимость функции exif_process_IFD_in_MAKERNOTE расширения EXIF интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-07-07

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:N

References

CVE-2019-9639

BDU:2022-02393

CRITICAL9.8

Уязвимость компонента exif интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный PHP-код

Published: 2022-04-19

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2019-9641

CVE-2019-9637

HIGH7.5

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.

Published: 2019-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

CVE-2019-9638

HIGH7.5

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

Published: 2019-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

CVE-2019-9639

HIGH7.5

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

Published: 2019-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

CVE-2019-9640

HIGH7.5

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

Published: 2019-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

CVE-2019-9641

CRITICAL9.8

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

Published: 2019-03-09Modified: 2024-11-21

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Package update php7-openssl in branch p8

Closed issues (10)

Уязвимость интерпретатора PHP, связанная с ошибками управлением ключами, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента exif интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный PHP-код

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.