According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.23. It is, therefore, affected by a heap-based buffer overflow condition exists in the ext/standard/var_unserializer.re script due to improper use of the hash API for key deletion. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language :

  - CVE-2017-11144     Denial of service in openssl extension due to incorrect     return value check of OpenSSL sealing function

  - CVE-2017-11145     Out-of-bounds read in wddx_deserialize()

  - CVE-2017-11628     Buffer overflow in PHP INI parsing API

  - CVE-2017-12932 / CVE-2017-12934     Use-after-frees during unserialisation

  - CVE-2017-12933     Buffer overread in finish_nested_data()

  - CVE-2017-16642     Out-of-bounds read in timelib_meridian()

The remote host is affected by the vulnerability described in GLSA-201709-21 (PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the       referenced CVE identifiers for details.
  Impact :

    A remote attacker could execute arbitrary code with the privileges of       the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.9. It is, therefore, affected by a heap-based buffer overflow condition exists in the ext/standard/var_unserializer.re script due to improper use of the hash API for key deletion. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for php7 fixes several issues.

These security issues were fixed :

  - CVE-2017-12932: Prevent heap use after free while     unserializing untrusted data, related to improper use of     the hash API for key deletion in a situation with an     invalid array size. Exploitation of this issue could     have had an unspecified impact on the integrity of PHP     (bsc#1054432).

  - CVE-2017-12934: Prevent heap use after free while     unserializing untrusted data, related to the     zval_get_type function in Zend/zend_types.h.
    Exploitation of this issue could have had an unspecified     impact on the integrity of PHP (bsc#1054408).

  - CVE-2017-12933: The finish_nested_data function in     ext/standard/var_unserializer.re was prone to a buffer     over-read while unserializing untrusted data.
    Exploitation of this issue could have had an unspecified     impact on the integrity of PHP (bsc#1054430)

These non-security issues were fixed :

  - bsc#1057104: php7-devel now requires php7-pear

  - bsc#1057845: Fixed namespace encapsulation of imported     classes/functions/constants

This update was imported from the SUSE:SLE-12:Update update project.

This update for php7 fixes several issues. These security issues were fixed :

  - CVE-2017-12932: Prevent heap use after free while     unserializing untrusted data, related to improper use of     the hash API for key deletion in a situation with an     invalid array size. Exploitation of this issue could     have had an unspecified impact on the integrity of PHP     (bsc#1054432).

  - CVE-2017-12934: Prevent heap use after free while     unserializing untrusted data, related to the     zval_get_type function in Zend/zend_types.h.
    Exploitation of this issue could have had an unspecified     impact on the integrity of PHP (bsc#1054408).

  - CVE-2017-12933: The finish_nested_data function in     ext/standard/var_unserializer.re was prone to a buffer     over-read while unserializing untrusted data.
    Exploitation of this issue could have had an unspecified     impact on the integrity of PHP (bsc#1054430)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.23 or 7.1.x prior to 7.1.9, therefore, affected by a heap user after free vulnerability when unserializing invalid array size.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
122544	PHP 7.2.x < 7.2.0 Heap-based Buffer Overflow Vulnerability	Nessus	CGI abuses	3/1/2019	10/31/2019	high
105663	Debian DSA-4080-1 : php7.0 - security update	Nessus	Debian Local Security Checks	1/9/2018	4/5/2019	high
103449	GLSA-201709-21 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	9/25/2017	1/11/2021	high
122539	PHP 7.0.x < 7.0.23 Heap-based Buffer Overflow Vulnerability	Nessus	CGI abuses	3/1/2019	10/31/2019	high
122543	PHP 7.1.x < 7.1.9 Heap-based Buffer Overflow Vulnerability	Nessus	CGI abuses	3/1/2019	10/31/2019	high
103286	openSUSE Security Update : php7 (openSUSE-2017-1061)	Nessus	SuSE Local Security Checks	9/18/2017	1/19/2021	high
120006	SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2468-1)	Nessus	SuSE Local Security Checks	1/2/2019	1/6/2021	high
98877	PHP 7.1.x < 7.1.9 Heap User After Free Vulnerability	Web Application Scanning	Component Vulnerability	1/31/2019	3/5/2021	high
98876	PHP 7.0.x < 7.0.23 Heap User After Free Vulnerability	Web Application Scanning	Component Vulnerability	1/31/2019	3/5/2021	high

Plugins Search

high

high

high

high

high

high

high

high

high