Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-10546

Опубликовано: 26 апр. 2018
Источник: redhat
CVSS3: 7.5
EPSS Средний

Описание

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote attacker could use this vulnerability to hang the php process and consume resources.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6phpWill not fix
Red Hat Enterprise Linux 7phpWill not fix
Red Hat Enterprise Linux 8phpNot affected
Red Hat Software Collectionsrh-php70-phpWill not fix
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1573802php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service

EPSS

Процентиль: 98%
0.57167
Средний

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-10546

CVSS3: 7.5
ubuntu
около 7 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

nvd логотип

CVE-2018-10546

CVSS3: 7.5
nvd
около 7 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

debian логотип

CVE-2018-10546

CVSS3: 7.5
debian
около 7 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...

github логотип

GHSA-2396-h4jp-vpjg

CVSS3: 7.5
github
около 3 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

fstec логотип

BDU:2019-04234

CVSS3: 7.5
fstec
около 7 лет назад

Уязвимость потокового фильтра iconv (ext/iconv/iconv.c) интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 98%
0.57167
Средний

7.5 High

CVSS3