Описание
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Out of support scope | ||
| Red Hat Enterprise Linux 6 | php | Out of support scope | ||
| Red Hat Enterprise Linux 7 | php | Fix deferred | ||
| Red Hat Software Collections | rh-php70-php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2020:1624 | 28.04.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php71-php | Fixed | RHSA-2019:2519 | 19.08.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php72-php | Fixed | RHSA-2019:3299 | 01.11.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | rh-php71-php | Fixed | RHSA-2019:2519 | 19.08.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | rh-php71-php | Fixed | RHSA-2019:2519 | 19.08.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | rh-php72-php | Fixed | RHSA-2019:3299 | 01.11.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
Уязвимость функции чтения PHAR интерпретатора языка программирования PHP, связанная с чтением за пределами границ буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании, нарушить конфиденциальность и целостность защищаемых данных
EPSS
5.3 Medium
CVSS3