The uwsgi_expand_path function in core/utils.c in Unbit uWSGI up to and including 2.0.15 has a stack-based buffer overflow via a large directory length.
Debian Bug report logs - #891639
uwsgi: CVE-2018-7490: Mishandled DOCUMENT_ROOT check with use of --php-docroot option allows for directory traversal
Package: src:uwsgi;
Maintainer for src:uwsgi is uWSGI packaging team <pkg-uwsgi-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Dat ...
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast,
self-healing application container server, does not properly handle a
DOCUMENT_ROOT check during use of the --php-docroot option, allowing a
remote attacker to mount a directory traversal attack and gain
unauthorized read access to sensitive files located outside of the web
root dir ...