Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-5711 |
CWE-ID | CWE-835 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | php7 (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU10390
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-5711
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The disclosed vulnerability allows a local unauthenticated attacker to cause a DoS condition.
The vulnerability exists in the PHP GD Graphics Library due to insufficient sanitization of user-supplied data. A local attacker can submit a specially crafted GIF, trigger an infinite loop and cause the service to crash.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
php7 (Alpine package): 7.0.7-r0 - 7.0.25-r0
CPE2.3
https://git.alpinelinux.org/aports/commit/?id=3deb517cec296a32e5b25f1a75a48c2026a44af4
https://git.alpinelinux.org/aports/commit/?id=aad758e364da9a69d0d519b619cc6eb2c7d150f8
https://git.alpinelinux.org/aports/commit/?id=0a3f40e0ea5d2b68f902eb4528b17327939ee400
https://git.alpinelinux.org/aports/commit/?id=2af60a5c6e7e457381ff31c346871e7c51812cfa
https://git.alpinelinux.org/aports/commit/?id=34bc5f16da72bed7c42423c3cfe3cc93fc529c46
https://git.alpinelinux.org/aports/commit/?id=451ff1929d8530ffbceb863acaeb212e545c3080
https://git.alpinelinux.org/aports/commit/?id=478332a5a162445bc68e54ef4138ae2a6af382d8
https://git.alpinelinux.org/aports/commit/?id=4a7ccf578f5caf82b4c9120ac266ff49f245549a
https://git.alpinelinux.org/aports/commit/?id=51a3714b5e5cf29bd19d94539add9f98b4a86572
https://git.alpinelinux.org/aports/commit/?id=3836f8ef34d4289d53a268aa6da65cee41c80976
https://git.alpinelinux.org/aports/commit/?id=e98955a2f39f18ae1b42e7fd84f8bbcd4d533690
https://git.alpinelinux.org/aports/commit/?id=c85efb30e1a0fd2e5950c1d99484261caa16779c
https://git.alpinelinux.org/aports/commit/?id=f72329a49b77be5d910dd4f7e923ea3d0fda939b
https://git.alpinelinux.org/aports/commit/?id=39dff559c574e02ce16541bd4875f79ebe1d9e1c
https://git.alpinelinux.org/aports/commit/?id=5e4dbc0d75238b02e3ad3bd55b5ac3a8b74bab3a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.