CVE-2018-7584

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.

References

http://php.net/ChangeLog-7.php

http://www.securityfocus.com/bid/103204

http://www.securitytracker.com/id/1041607

https://access.redhat.com/errata/RHSA-2019:2519

https://bugs.php.net/bug.php?id=75981

https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba

https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html

https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html

https://usn.ubuntu.com/3600-1/

https://usn.ubuntu.com/3600-2/

https://www.debian.org/security/2018/dsa-4240

https://www.exploit-db.com/exploits/44846/

https://www.tenable.com/security/tns-2018-03

https://www.tenable.com/security/tns-2018-12

Details

Source: MITRE

Published: 2018-03-01

Updated: 2019-08-19

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (33 total)

IDNameProductFamilySeverity
143988NewStart CGSL CORE 5.05 / MAIN 5.05 : php Multiple Vulnerabilities (NS-SA-2020-0090)NessusNewStart CGSL Local Security Checks
critical
143917NewStart CGSL CORE 5.04 / MAIN 5.04 : php Multiple Vulnerabilities (NS-SA-2020-0059)NessusNewStart CGSL Local Security Checks
critical
135827Scientific Linux Security Update : php on SL7.x x86_64 (20200407)NessusScientific Linux Local Security Checks
critical
135338CentOS 7 : php (CESA-2020:1112)NessusCentOS Local Security Checks
critical
135040RHEL 7 : php (RHSA-2020:1112)NessusRed Hat Local Security Checks
critical
700516macOS 10.13.x < 10.13.5 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
98866PHP 7.2.x < 7.2.3 Stack Buffer OverflowWeb Application ScanningComponent Vulnerability
critical
98859PHP 7.1.x < 7.1.15 Stack Buffer OverflowWeb Application ScanningComponent Vulnerability
critical
98847PHP 7.0.x < 7.0.28 Stack Buffer OverflowWeb Application ScanningComponent Vulnerability
critical
98825PHP 5.6.x < 5.6.34 Stack Buffer OverflowWeb Application ScanningComponent Vulnerability
critical
120018SUSE SLES12 Security Update : php5 (SUSE-SU-2018:0717-1)NessusSuSE Local Security Checks
critical
120017SUSE SLES12 Security Update : php7 (SUSE-SU-2018:0646-1)NessusSuSE Local Security Checks
critical
117672Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)NessusMisc.
critical
110928Debian DSA-4240-1 : php7.0 - security updateNessusDebian Local Security Checks
critical
110734EulerOS 2.0 SP3 : php (EulerOS-SA-2018-1158)NessusHuawei Local Security Checks
critical
110697Debian DLA-1397-1 : php5 security updateNessusDebian Local Security Checks
critical
110324macOS 10.13.x < 10.13.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
109495EulerOS 2.0 SP2 : php (EulerOS-SA-2018-1097)NessusHuawei Local Security Checks
critical
109494EulerOS 2.0 SP1 : php (EulerOS-SA-2018-1096)NessusHuawei Local Security Checks
critical
108849Amazon Linux AMI : php70 / php56 (ALAS-2018-988)NessusAmazon Linux Local Security Checks
critical
108726Debian DLA-1326-1 : php5 security updateNessusDebian Local Security Checks
critical
108691Amazon Linux AMI : php71 (ALAS-2018-982)NessusAmazon Linux Local Security Checks
critical
108650SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0806-1)NessusSuSE Local Security Checks
critical
108483Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : PHP vulnerabilities (USN-3600-1)NessusUbuntu Local Security Checks
critical
108438openSUSE Security Update : php5 (openSUSE-2018-269)NessusSuSE Local Security Checks
critical
107285openSUSE Security Update : php7 (openSUSE-2018-244)NessusSuSE Local Security Checks
critical
107282Fedora 26 : php (2018-e8bc8d2784)NessusFedora Local Security Checks
critical
107234Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2018-067-02)NessusSlackware Local Security Checks
critical
107219PHP 7.2.x < 7.2.3 Stack Buffer OverflowNessusCGI abuses
critical
107218PHP 7.1.x < 7.1.15 Stack Buffer OverflowNessusCGI abuses
critical
107217PHP 7.0.x < 7.0.28 Stack Buffer OverflowNessusCGI abuses
critical
107216PHP 5.6.x < 5.6.34 Stack Buffer OverflowNessusCGI abuses
critical
107172Fedora 27 : php (2018-a89ccf7133)NessusFedora Local Security Checks
critical