HIGH7.5
Уязвимость библиотеки Oniguruma, связанная с использованием неинициализированной переменной и позволяющая вызвать повреждение памяти
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
Severity:
Closed issues (27)
HIGH7.5
Уязвимость библиотеки Oniguruma, связанная с использованием неинициализированной переменной и позволяющая вызвать повреждение памяти
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH7.5
Уязвимость библиотеки Oniguruma, связанная с использованием неинициализированной переменной и позволяющая нарушителю осуществить чтение за границами буфера в динамической памяти
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH7.5
Уязвимость библиотеки Oniguruma, связанная с некорректной обработкой чисел и позволяющая нарушителю вызвать повреждение памяти
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH7.5
Уязвимость библиотеки Oniguruma, позволяющая нарушителю оказать влияние на доступность информации
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
CRITICAL9.8
Уязвимость функции php_stream_url_wrap_http_ex интерпретатора PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
MEDIUM5.5
Уязвимость функции gdImageCreateFromGifCtx библиотеки для создания и работы с программируемой графикой libgd2, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
HIGH7.5
Уязвимость функции ldap_get_dn интерпретатора PHP, связанная с ошибкой разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
MEDIUM4.7
Уязвимость дочерних FPM-процессов интерпретатора языка программирования PHP, позволяющая нарушителю обойти проверку доступа opcache и получить несанкционированный доступ к защищаемой информации
CVSS 3.xMEDIUM 4.7
CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NCVSS 2.0LOW 3.8
CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:N/A:NReferences
HIGH7.5
Уязвимость потокового фильтра iconv (ext/iconv/iconv.c) интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
MEDIUM6.1
Уязвимость компонента ext/phar/phar_object.c интерпретатора языка программирования PHP, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
CVSS 3.xMEDIUM 6.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NCVSS 2.0MEDIUM 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:NReferences
HIGH8.8
Уязвимость функции exif_read_data (ext/exif/exif.c) интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
MEDIUM6.1
Уязвимость на странице ошибки PHAR 404 интерпретатора языка программирования PHP, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
CVSS 3.xMEDIUM 6.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NCVSS 2.0MEDIUM 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:NReferences
CRITICAL9.8
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/79825
- http://www.securitytracker.com/id/1034555
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bto.bluecoat.com/security-advisory/sa128
- https://bugs.exim.org/show_bug.cgi?id=1767
- https://security.gentoo.org/glsa/201607-02
- https://www.tenable.com/security/tns-2016-18
- https://www.tenable.com/security/tns-2017-14
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/79825
- http://www.securitytracker.com/id/1034555
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110
- https://access.redhat.com/errata/RHSA-2016:1132
- https://bto.bluecoat.com/security-advisory/sa128
- https://bugs.exim.org/show_bug.cgi?id=1767
- https://security.gentoo.org/glsa/201607-02
- https://www.tenable.com/security/tns-2016-18
- https://www.tenable.com/security/tns-2017-14
CRITICAL9.8
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.securityfocus.com/bid/101244
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
- https://github.com/kkos/oniguruma/issues/57
- http://www.securityfocus.com/bid/101244
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
- https://github.com/kkos/oniguruma/issues/57
CRITICAL9.8
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.securityfocus.com/bid/101244
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
- https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6
- https://github.com/kkos/oniguruma/issues/55
- http://www.securityfocus.com/bid/101244
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
- https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6
- https://github.com/kkos/oniguruma/issues/55
CRITICAL9.8
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.securityfocus.com/bid/100538
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
- https://github.com/kkos/oniguruma/issues/58
- http://www.securityfocus.com/bid/100538
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
- https://github.com/kkos/oniguruma/issues/58
CRITICAL9.8
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
- https://github.com/kkos/oniguruma/issues/60
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
- https://github.com/kkos/oniguruma/issues/60
HIGH7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
- https://github.com/kkos/oniguruma/issues/59
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
- https://github.com/kkos/oniguruma/issues/59
MEDIUM4.7
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:NCVSS 3.xMEDIUM 4.7
CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NReferences
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/104022
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=75605
- https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.gentoo.org/glsa/201812-01
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://usn.ubuntu.com/3646-2/
- https://www.debian.org/security/2018/dsa-4240
- https://www.tenable.com/security/tns-2018-12
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/104022
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=75605
- https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.gentoo.org/glsa/201812-01
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://usn.ubuntu.com/3646-2/
- https://www.debian.org/security/2018/dsa-4240
- https://www.tenable.com/security/tns-2018-12
HIGH7.5
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/104019
- http://www.securitytracker.com/id/1040807
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=76249
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.gentoo.org/glsa/201812-01
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://www.debian.org/security/2018/dsa-4240
- https://www.tenable.com/security/tns-2018-12
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/104019
- http://www.securitytracker.com/id/1040807
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=76249
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.gentoo.org/glsa/201812-01
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://www.debian.org/security/2018/dsa-4240
- https://www.tenable.com/security/tns-2018-12
MEDIUM6.1
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NCVSS 3.xMEDIUM 6.1
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NReferences
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securitytracker.com/id/1040807
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=76129
- https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://usn.ubuntu.com/3646-2/
- https://www.debian.org/security/2018/dsa-4240
- https://www.tenable.com/security/tns-2018-12
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securitytracker.com/id/1040807
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=76129
- https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://usn.ubuntu.com/3646-2/
- https://www.debian.org/security/2018/dsa-4240
- https://www.tenable.com/security/tns-2018-12
HIGH7.5
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/104019
- http://www.securitytracker.com/id/1040807
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=76248
- https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.gentoo.org/glsa/201812-01
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://usn.ubuntu.com/3646-2/
- https://www.debian.org/security/2018/dsa-4240
- https://www.tenable.com/security/tns-2018-12
- https://www.tenable.com/security/tns-2019-07
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/104019
- http://www.securitytracker.com/id/1040807
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=76248
- https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.gentoo.org/glsa/201812-01
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://usn.ubuntu.com/3646-2/
- https://www.debian.org/security/2018/dsa-4240
- https://www.tenable.com/security/tns-2018-12
- https://www.tenable.com/security/tns-2019-07
HIGH8.8
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/104019
- http://www.securitytracker.com/id/1040807
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=76130
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.gentoo.org/glsa/201812-01
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://www.debian.org/security/2018/dsa-4240
- https://www.synology.com/support/security/Synology_SA_18_20
- https://www.tenable.com/security/tns-2018-12
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/104019
- http://www.securitytracker.com/id/1040807
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=76130
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://security.gentoo.org/glsa/201812-01
- https://security.netapp.com/advisory/ntap-20180607-0003/
- https://usn.ubuntu.com/3646-1/
- https://www.debian.org/security/2018/dsa-4240
- https://www.synology.com/support/security/Synology_SA_18_20
- https://www.tenable.com/security/tns-2018-12
MEDIUM5.5
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=75571
- https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html
- https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
- https://security.gentoo.org/glsa/201903-18
- https://usn.ubuntu.com/3755-1/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=75571
- https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html
- https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
- https://security.gentoo.org/glsa/201903-18
- https://usn.ubuntu.com/3755-1/
- https://www.oracle.com/security-alerts/cpuapr2020.html
MEDIUM6.1
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NCVSS 3.xMEDIUM 6.1
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NReferences
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/102742
- http://www.securityfocus.com/bid/104020
- http://www.securitytracker.com/id/1040363
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=74782
- https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html
- https://usn.ubuntu.com/3566-1/
- https://usn.ubuntu.com/3600-1/
- https://usn.ubuntu.com/3600-2/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/102742
- http://www.securityfocus.com/bid/104020
- http://www.securitytracker.com/id/1040363
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=74782
- https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html
- https://usn.ubuntu.com/3566-1/
- https://usn.ubuntu.com/3600-1/
- https://usn.ubuntu.com/3600-2/
- https://www.oracle.com/security-alerts/cpuapr2020.html
CRITICAL9.8
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/103204
- http://www.securitytracker.com/id/1041607
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=75981
- https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
- https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://usn.ubuntu.com/3600-1/
- https://usn.ubuntu.com/3600-2/
- https://www.debian.org/security/2018/dsa-4240
- https://www.exploit-db.com/exploits/44846/
- https://www.tenable.com/security/tns-2018-03
- https://www.tenable.com/security/tns-2018-12
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/103204
- http://www.securitytracker.com/id/1041607
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=75981
- https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
- https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
- https://usn.ubuntu.com/3600-1/
- https://usn.ubuntu.com/3600-2/
- https://www.debian.org/security/2018/dsa-4240
- https://www.exploit-db.com/exploits/44846/
- https://www.tenable.com/security/tns-2018-03
- https://www.tenable.com/security/tns-2018-12