Описание
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
A vulnerability was found in php. This issue occurs due to memory corruption in the finfo_buffer() function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor to execute a heap buffer overflow successfully, causing a memory crash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | php | Not affected | ||
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:7.4/php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:8.0/php | Not affected | ||
| Red Hat Enterprise Linux 9 | php | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ...
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
EPSS
7.5 High
CVSS3