CVE-2018-10548

Опубликовано: 26 апр. 2018

Источник: redhat

CVSS3: 5.9

Описание

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	php	Will not fix
Red Hat Enterprise Linux 5	php53	Will not fix
Red Hat Enterprise Linux 6	php	Will not fix
Red Hat Enterprise Linux 7	php	Will not fix
Red Hat Enterprise Linux 8	php	Not affected
Red Hat Software Collections	rh-php70-php	Will not fix
Red Hat Software Collections for Red Hat Enterprise Linux 7	rh-php71-php	Fixed	RHSA-2019:2519	19.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS	rh-php71-php	Fixed	RHSA-2019:2519	19.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS	rh-php71-php	Fixed	RHSA-2019:2519	19.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS	rh-php71-php	Fixed	RHSA-2019:2519	19.08.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1573805php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply

5.9 Medium

CVSS3