
CVE-2018-20783

Published: 21/02/2019 Updated: 22/05/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In PHP prior to 5.6.39, 7.x prior to 7.0.33, 7.1.x prior to 7.1.25, and 7.2.x prior to 7.2.13, a buffer over-read in PHAR reading functions may allow a malicious user to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.

Vulnerable Product

php php

opensuse leap 42.3

Vendor Advisories

Several security issues were fixed in PHP ...
Synopsis: Moderate: php:72 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the php:72 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis: Moderate: rh-php71-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis: Critical: rh-php72-php security update. Type/Severity: Security Advisory: Critical. Topic: An update for rh-php72-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) ba ...

Github Repositories

manual-detection

Contains scripts which may help to identify susceptible and vulnerable hosts or services

test_openssh_vulnspy: A python script which tests for both CVE-2015-6563 & CVE-2015-6564 (judging by the OpenSSH version). Should work with both python2(7) and python3. Requirements: None. Tested python versions: 2716 373

test_php_vulns: A python script which