Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP 5.6.x < 5.6.27 / 7.0.x < 7.0.12 Multiple Vulnerabilities

Critical

Synopsis

The remote web server uses a version of PHP that is affected by multiple attack vectors.

Description

Versions of PHP 5.6.x prior to 5.6.27 and 7.0.x prior to 7.0.12 are vulnerable to the following issues :

- A NULL pointer dereference flaw exists in the 'SimpleXMLElement::asXML()' function in 'ext/simplexml/simplexml.c'. This may allow a remote attacker to crash a process utilizing the language. (OSVDB 145598) - An overflow condition exists in the 'php_ereg_replace()' function in 'ext/ereg/ereg.c'. The issue is triggered as certain input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, crashing a process utilizing the language or potentially allowing the execution of arbitrary code. (OSVDB 145599) - A flaw exists in the 'openssl_random_pseudo_bytes()' function in 'ext/openssl/openssl.c' that is triggered when handling strings larger than 2GB. This may allow a remote attacker to crash a process utilizing the language. (OSVDB 145600) - A flaw exists in the 'openssl_encrypt()' function in 'ext/openssl/openssl.c' that is triggered when handling strings larger than 2GB. This may allow a remote attacker to crash a process utilizing the language. (OSVDB 145601) - An integer overflow flaw exists in the 'imap_8bit()' function in 'ext/imap/php_imap.c'. The issue is triggered as certain input is not properly validated. This may allow a remote attacker to corrupt memory and crash a process utilizing the language or potentially execute arbitrary code. (OSVDB 145602) - A flaw exists in the '_bc_new_num_ex()' function in 'ext/bcmath/libbcmath/src/init.c' that is triggered during the handling of values passed via the 'scale' parameter. This may allow a remote attacker to crash a process utilizing the language. (OSVDB 145603) - A flaw exists in the 'php_resolve_path()' function in 'main/fopen_wrappers.c' that is triggered during the handling of negative size values passed via the 'filename' parameter. This may allow a remote attacker to crash a process utilizing the language. (OSVDB 145604) - A flaw exists in the 'dom_document_save_html()' function in 'ext/dom/document.c' that is due to missing NULL checks. This may allow a remote attacker to crash a process utilizing the language. (OSVDB 145605) - A use-after-free error exists in the 'unserialize()' function. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 145606) - An integer overflow flaw exists in the 'mb_encode_*()' function in 'ext/mbstring/mbstring.c'. The issue is triggered as the length of encoded data is not properly validated. This may allow a remote attacker to corrupt memory and crash a process utilizing the language or potentially execute arbitrary code. (OSVDB 145607) - A NULL pointer dereference flaw exists in the 'CachingIterator()' method in 'ext/spl/spl_iterators.c' that is triggered during the handling of string conversion. This may allow a remote attacker to crash a process utilizing the language. (OSVDB 145608) - An integer overflow condition exists in the 'number_format()' function in 'ext/standard/math.c'. The issue is triggered when handling 'decimals' and 'dec_point' parameters with values that are equal or close to 0x7fffffff. This may allow a remote attacker to cause a heap-based buffer overflow, crashing a process utilizing the language or potentially allowing the execution of arbitrary code. (OSVDB 145609) - An overflow condition exists in the 'ResourceBundle::create' and 'ResourceBundle::getLocales' methods and their respective functions in 'ext/intl/resourcebundle/resourcebundle_class.c'. The issue is triggered as certain input is not properly validated when passed via the 'bundlename' parameter. This may allow a remote attacker to cause a stack-based buffer overflow, crashing a process utilizing the language or potentially allowing the execution of arbitrary code. (OSVDB 145610) - An integer overflow condition exists in the 'php_pcre_replace_impl()' function in 'ext/pcre/php_pcre.c'. The issue is triggered as certain input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, crashing a process utilizing the language or potentially allowing the execution of arbitrary code. (OSVDB 145611) - A flaw exists in the 'php_date_interval_initialize_from_hash()' function in 'ext/date/php_date.c' that is triggered when unserializing DateInterval objects. This may allow a remote attacker to have an unspecified impact. (OSVDB 145613) - An unspecified flaw exists in the 'SplObjectStorage::unserialize()' method in 'ext/spl/spl_observer.c' that is triggered as it allows the use of non-objects as keys. This may allow a remote attacker to have an unspecified impact. (OSVDB 145614) - A NULL pointer dereference flaw exists in the 'php_wddx_serialize_object()' function in 'ext/wddx/wddx.c' that is triggered during the creation of PDORow objects. This may allow a remote attacker to crash a process utilizing the language. (OSVDB 147407)

Solution

Upgrade to PHP version 7.0.12 or later. If 7.x cannot be obtained, 5.6.27 has also been patched for these vulnerabilities.