Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-14884

Опубликовано: 17 нояб. 2017
Источник: redhat
CVSS3: 7.5

Описание

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7phpNot affected
Red Hat Enterprise Linux 8phpNot affected
Red Hat Software Collectionsrh-php70-phpNot affected
Red Hat Software Collectionsrh-php72-phpNot affected
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSrh-php71-phpFixedRHSA-2019:251919.08.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-665
https://bugzilla.redhat.com/show_bug.cgi?id=1612362php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-14884

CVSS3: 7.5
ubuntu
почти 7 лет назад

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.

nvd логотип

CVE-2018-14884

CVSS3: 7.5
nvd
почти 7 лет назад

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.

debian логотип

CVE-2018-14884

CVSS3: 7.5
debian
почти 7 лет назад

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ...

github логотип

GHSA-4f5w-5x35-7vgh

CVSS3: 7.5
github
около 3 лет назад

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.

fstec логотип

BDU:2022-02485

CVSS3: 7.5
fstec
почти 7 лет назад

Уязвимость функции http_header_value (ext/standard/http_fopen_wrapper.c) интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

7.5 High

CVSS3