Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP 7.0.x < 7.0.15 / 7.1.x < 7.1.1 Multiple Vulnerabilities

Critical

Synopsis

The remote web server uses a version of PHP that is affected by multiple attack vectors.

Description

Versions of PHP 7.0.x prior to 7.0.15 and 7.1.x prior to 7.1.1 are affected by multiple vulnerabilities :

- An out-of-bounds read flaw exists in the 'phar_parse_pharfile()' function in 'ext/phar/phar.c' that is triggered when handling phar archives. This may allow a remote attacker to cause a denial of service. (OSVDB 149621) - A floating pointer exception flaw exists in the 'exif_convert_any_to_int()' function in 'ext/exif/exif.c' that is triggered when handling TIFF and JPEG image tags. This may allow a remote attacker to cause a crash. (OSVDB 149623) - A NULL pointer dereference flaw exists in the 'php_wddx_pop_element()' function in 'ext/wddx/wddx.c' that is triggered as certain input is not properly validated. This may allow a remote attacker to cause a crash. (OSVDB 149628) - An off-by-one overflow condition exists in the 'phar_parse_pharfile()' function in 'ext/phar/phar.c' that is triggered when parsing phar archives. This may allow a remote attacker to cause a limited buffer overflow, resulting in a crash. (OSVDB 149629) - An integer overflow condition exists in the '_zend_hash_init()' function in 'Zend/zend_hash.c'. The issue is triggered as certain input is not properly validated when handling unserialized objects. This may allow a remote attacker to potentially execute arbitrary code. (OSVDB 149664) - An out-of-bounds read flaw exists in the 'finish_nested_data()' function in 'ext/standard/var_unserializer.c' that is triggered when handling unserialized data. This may allow a remote attacker to crash a process built with the language or potentially disclose memory contents. (OSVDB 149665) - An integer overflow condition exists in the 'phar_parse_pharfile()' function in 'ext/phar/phar.c'. The issue is triggered as certain input is not properly validated when handling phar archives. This may allow a context-dependent attacker to crash a process built with the language. (OSVDB 149666) - A type confusion flaw exists that is triggered during the deserialization of specially crafted GMP objects. This may allow a remote attacker to crash a process utilizing the language. (OSVDB 150227) - A type confusion flaw exists that is triggered when deserializing ZVAL objects. This may allow a remote attacker to potentially execute arbitrary code. (OSVDB 150228) - An unspecified signed integer overflow condition exists in 'gd_io.c'. The issue is triggered as certain input is not properly validated. This may allow an attacker to have an unspecified impact. No further details have been provided. (OSVDB 150680)

Solution

Upgrade to PHP version 7.1.1. If 7.1.x cannot be obtained, 7.0.15 has also been patched for these vulnerabilities.