PHP 5.6.x < 5.6.31 Multiple Vulnerabilities

critical Web Application Scanning Plugin ID 98822

Language:

Synopsis

Description

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities :

- An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004)

- An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890)

- An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224)

- An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226)

- An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227)

- An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228)

- An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229)

- A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142)

- An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143)

- A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144)

- An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145)

- An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.

- An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.

Note that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.