#VU100666 Use-after-free in PHP
Vulnerability identifier: #VU100666
Vulnerability risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-416
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
PHP
Universal components / Libraries /
Scripting languages
Vendor: PHP Group
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the sapi_read_post_data in CLI SAPI interface. A remote attacker can pass specially crafted response to the application and execute arbitrary code on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
PHP: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.25, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.1.15, 8.1.16, 8.1.17, 8.1.18, 8.1.19, 8.1.20, 8.1.21, 8.1.22, 8.1.23, 8.1.24, 8.1.25, 8.1.26, 8.1.27, 8.1.28, 8.1.29, 8.1.30, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 8.2.13, 8.2.14, 8.2.15, 8.2.16, 8.2.17, 8.2.18, 8.2.19, 8.2.20, 8.2.21, 8.2.22, 8.2.23, 8.2.24, 8.2.25, 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.6, 8.3.7, 8.3.8, 8.3.9, 8.3.10, 8.3.11, 8.3.12, 8.3.13
External links
https://github.com/php/php-src/security/advisories/GHSA-4w77-75f9-2c8w
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
