Multiple vulnerabilities in PHP

Published: 2018-07-19

Risk	Low
Patch available	YES
Number of vulnerabilities	7
CVE-ID	CVE-2018-14883 CVE-2018-14851
CWE-ID	CWE-401 CWE-122 CWE-190 CWE-191 CWE-400 CWE-388
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	PHP Universal components / Libraries / Scripting languages
Vendor	PHP Group

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU13914

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists due to a memory leak when creating a large amount of objects without storing them. A remote attacker can execute the script as an HTTP request, cause memory usage to keep increasing and gain access to arbitrary data or cause the service to crash.

Mitigation

Update to version 7.2.8.

Vulnerable software versions

PHP: 7.2.0 - 7.2.7

CPE2.3

cpe:2.3:a:php_group:php:7.2.7:*:*:*:*:*:*:*

External links

https://bugs.php.net/bug.php?id=76520

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory corruption

EUVDB-ID: #VU13915

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-14883

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to integer overflow when processing exif_read_data in any 32-bit system. A remote attacker can trigger heap-based buffer overflow in exif_thumbnail_extract of exif.c and cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 5.6.37, 7.0.31, 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 5.6.36 - 7.2.7

CPE2.3

External links

https://bugs.php.net/bug.php?id=76423

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU13916

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-14851

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to heap-based buffer overflow (READ of size 48) while reading exif data. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 5.6.37, 7.0.31, 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 5.6.36 - 7.2.7

CPE2.3

External links

https://bugs.php.net/bug.php?id=76557

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Segmentation fault

EUVDB-ID: #VU13917

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to integer underflow when unserializing a specially crafted malformed GMP. A remote attacker can segmentation fault and cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 7.1.19 - 7.2.7

CPE2.3

External links

https://bugs.php.net/bug.php?id=74670

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU13918

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to Integer overflow when mb_strimwidth returns an empty string for $width > 2147483647. A remote attacker can trigger resource exhaustion in mb_strimwidthc and cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 7.1.19 - 7.2.7

CPE2.3

External links

https://bugs.php.net/bug.php?id=76532

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Error handling

EUVDB-ID: #VU13919

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when throwing exception in error handler. A remote attacker can cause the service to crash.

Mitigation

The vulnerability is addressed in the versions 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 7.1.19 - 7.2.7

CPE2.3

External links

https://bugs.php.net/bug.php?id=76536

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Error handling

EUVDB-ID: #VU13920

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a fatal 'Illegal string offset' error when using array assignment on a string reference. A remote attacker can use an error handler that converts errors to exceptions and cause the service to hang.

Mitigation

The vulnerability is addressed in the versions 7.1.20, 7.2.8.

Vulnerable software versions

PHP: 7.1.19 - 7.2.7

CPE2.3

External links

https://bugs.php.net/bug.php?id=76534

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.