Описание
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Not affected | ||
| Red Hat Enterprise Linux 6 | php | Not affected | ||
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:7.2/php | Will not fix | ||
| Red Hat Software Collections | rh-php72-php | Will not fix | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2020:3662 | 08.09.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php73-php | Fixed | RHSA-2020:5275 | 01.12.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | rh-php73-php | Fixed | RHSA-2020:5275 | 01.12.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-php73-php | Fixed | RHSA-2020:5275 | 01.12.2020 |
Показывать по
Дополнительная информация
Статус:
5.4 Medium
CVSS3
Связанные уязвимости
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
Уязвимость реализации функции exif_read_data() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
5.4 Medium
CVSS3