CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.6.33
phpphp
7.0.0 ≤
𝑥
< 7.0.28
phpphp
7.1.0 ≤
𝑥
≤ 7.1.14
phpphp
7.2.0 ≤
𝑥
≤ 7.2.2
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
artful
dne
bionic
dne
trusty
Fixed 5.5.9+dfsg-1ubuntu4.24
released
xenial
dne
php7.0
artful
dne
bionic
dne
trusty
dne
xenial
Fixed 7.0.28-0ubuntu0.16.04.1
released
php7.1
artful
Fixed 7.1.15-0ubuntu0.17.10.1
released
bionic
dne
trusty
dne
xenial
dne
php7.2
artful
dne
bionic
Fixed 7.2.3-1ubuntu1
released
trusty
dne
xenial
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
php
RHEL 7
0:5.4.16-48.el7
fixed
php-bcmath
RHEL 7
0:5.4.16-48.el7
fixed
php-cli
RHEL 7
0:5.4.16-48.el7
fixed
php-common
RHEL 7
0:5.4.16-48.el7
fixed
php-dba
RHEL 7
0:5.4.16-48.el7
fixed
php-devel
RHEL 7
0:5.4.16-48.el7
fixed
php-embedded
RHEL 7
0:5.4.16-48.el7
fixed
php-enchant
RHEL 7
0:5.4.16-48.el7
fixed
php-fpm
RHEL 7
0:5.4.16-48.el7
fixed
php-gd
RHEL 7
0:5.4.16-48.el7
fixed
php-intl
RHEL 7
0:5.4.16-48.el7
fixed
php-ldap
RHEL 7
0:5.4.16-48.el7
fixed
php-mbstring
RHEL 7
0:5.4.16-48.el7
fixed
php-mysql
RHEL 7
0:5.4.16-48.el7
fixed
php-mysqlnd
RHEL 7
0:5.4.16-48.el7
fixed
php-odbc
RHEL 7
0:5.4.16-48.el7
fixed
php-pdo
RHEL 7
0:5.4.16-48.el7
fixed
php-pgsql
RHEL 7
0:5.4.16-48.el7
fixed
php-process
RHEL 7
0:5.4.16-48.el7
fixed
php-pspell
RHEL 7
0:5.4.16-48.el7
fixed
php-recode
RHEL 7
0:5.4.16-48.el7
fixed
php-snmp
RHEL 7
0:5.4.16-48.el7
fixed
php-soap
RHEL 7
0:5.4.16-48.el7
fixed
php-xml
RHEL 7
0:5.4.16-48.el7
fixed
php-xmlrpc
RHEL 7
0:5.4.16-48.el7
fixed
Common Weakness Enumeration
References
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/103204
http://www.securitytracker.com/id/1041607
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=75981
https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
https://usn.ubuntu.com/3600-1/
https://usn.ubuntu.com/3600-2/
https://www.debian.org/security/2018/dsa-4240
https://www.exploit-db.com/exploits/44846/
https://www.tenable.com/security/tns-2018-03
https://www.tenable.com/security/tns-2018-12
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/103204
http://www.securitytracker.com/id/1041607
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=75981
https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
https://usn.ubuntu.com/3600-1/
https://usn.ubuntu.com/3600-2/
https://www.debian.org/security/2018/dsa-4240
https://www.exploit-db.com/exploits/44846/
https://www.tenable.com/security/tns-2018-03
https://www.tenable.com/security/tns-2018-12