CVE-2018-7584

Published: 01/03/2018 Updated: 19/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In PHP up to and including 5.6.33, 7.0.x prior to 7.0.28, 7.1.x up to and including 7.1.14, and 7.2.x up to and including 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.

Vulnerable Product

php php

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

canonical ubuntu linux 12.04

canonical ubuntu linux 16.04

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Synopsis: Moderate: php security update. Type/Severity: Security Advisory: Moderate. Topic: An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which give ...
Synopsis: Moderate: rh-php71-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Several security issues were fixed in PHP ...
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584: Buffer underread in parsing HTTP responses. CVE-2018-10545: Dumpable FPM child processes allowed the bypass of opcache access controls. CVE-2018-10546: Denial of service via infinite loop in convert.iconv stream filter ...
Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service: In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http ...
Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service. In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ ...
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string ...
Check Point Reference: CPAI-2018-2634 Date Published: 4 Dec 2023 Severity: Critical ...
SecurityCenter leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled PHP to address the potential impac ...
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address ...

Exploits

Description: The latest PHP distributions contain a memory corruption bug while parsing malformed HTTP response packets. Vulnerable code at: php_stream_url_wrap_http_ex /home/weilei/php-7.2.2/ext/standard/http_fopen_wrapper.c:723 if (tmp_line[tmp_line_len - 1] == '\n') { --tmp_line_len; if (tmp_line[tmp_line_len - 1] == '\ ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-0 ...