7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.753 High
EPSS
Percentile
98.2%
Issue Overview:
Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. (CVE-2018-7584)
Affected Packages:
php70, php56
Issue Correction:
Run yum update php70 to update your system.
Run yum update php56 to update your system.
New Packages:
i686:
php70-tidy-7.0.29-1.28.amzn1.i686
php70-enchant-7.0.29-1.28.amzn1.i686
php70-ldap-7.0.29-1.28.amzn1.i686
php70-snmp-7.0.29-1.28.amzn1.i686
php70-gmp-7.0.29-1.28.amzn1.i686
php70-dbg-7.0.29-1.28.amzn1.i686
php70-7.0.29-1.28.amzn1.i686
php70-embedded-7.0.29-1.28.amzn1.i686
php70-xmlrpc-7.0.29-1.28.amzn1.i686
php70-zip-7.0.29-1.28.amzn1.i686
php70-intl-7.0.29-1.28.amzn1.i686
php70-devel-7.0.29-1.28.amzn1.i686
php70-gd-7.0.29-1.28.amzn1.i686
php70-json-7.0.29-1.28.amzn1.i686
php70-pspell-7.0.29-1.28.amzn1.i686
php70-soap-7.0.29-1.28.amzn1.i686
php70-process-7.0.29-1.28.amzn1.i686
php70-fpm-7.0.29-1.28.amzn1.i686
php70-opcache-7.0.29-1.28.amzn1.i686
php70-pgsql-7.0.29-1.28.amzn1.i686
php70-mysqlnd-7.0.29-1.28.amzn1.i686
php70-recode-7.0.29-1.28.amzn1.i686
php70-debuginfo-7.0.29-1.28.amzn1.i686
php70-dba-7.0.29-1.28.amzn1.i686
php70-common-7.0.29-1.28.amzn1.i686
php70-pdo-7.0.29-1.28.amzn1.i686
php70-pdo-dblib-7.0.29-1.28.amzn1.i686
php70-cli-7.0.29-1.28.amzn1.i686
php70-xml-7.0.29-1.28.amzn1.i686
php70-bcmath-7.0.29-1.28.amzn1.i686
php70-mbstring-7.0.29-1.28.amzn1.i686
php70-imap-7.0.29-1.28.amzn1.i686
php70-odbc-7.0.29-1.28.amzn1.i686
php70-mcrypt-7.0.29-1.28.amzn1.i686
php56-mysqlnd-5.6.35-1.137.amzn1.i686
php56-pdo-5.6.35-1.137.amzn1.i686
php56-xml-5.6.35-1.137.amzn1.i686
php56-bcmath-5.6.35-1.137.amzn1.i686
php56-intl-5.6.35-1.137.amzn1.i686
php56-ldap-5.6.35-1.137.amzn1.i686
php56-pspell-5.6.35-1.137.amzn1.i686
php56-process-5.6.35-1.137.amzn1.i686
php56-devel-5.6.35-1.137.amzn1.i686
php56-soap-5.6.35-1.137.amzn1.i686
php56-recode-5.6.35-1.137.amzn1.i686
php56-dba-5.6.35-1.137.amzn1.i686
php56-gd-5.6.35-1.137.amzn1.i686
php56-odbc-5.6.35-1.137.amzn1.i686
php56-debuginfo-5.6.35-1.137.amzn1.i686
php56-enchant-5.6.35-1.137.amzn1.i686
php56-xmlrpc-5.6.35-1.137.amzn1.i686
php56-common-5.6.35-1.137.amzn1.i686
php56-dbg-5.6.35-1.137.amzn1.i686
php56-cli-5.6.35-1.137.amzn1.i686
php56-snmp-5.6.35-1.137.amzn1.i686
php56-mcrypt-5.6.35-1.137.amzn1.i686
php56-pgsql-5.6.35-1.137.amzn1.i686
php56-embedded-5.6.35-1.137.amzn1.i686
php56-mbstring-5.6.35-1.137.amzn1.i686
php56-gmp-5.6.35-1.137.amzn1.i686
php56-tidy-5.6.35-1.137.amzn1.i686
php56-mssql-5.6.35-1.137.amzn1.i686
php56-fpm-5.6.35-1.137.amzn1.i686
php56-opcache-5.6.35-1.137.amzn1.i686
php56-imap-5.6.35-1.137.amzn1.i686
php56-5.6.35-1.137.amzn1.i686
src:
php70-7.0.29-1.28.amzn1.src
php56-5.6.35-1.137.amzn1.src
x86_64:
php70-mcrypt-7.0.29-1.28.amzn1.x86_64
php70-process-7.0.29-1.28.amzn1.x86_64
php70-bcmath-7.0.29-1.28.amzn1.x86_64
php70-xml-7.0.29-1.28.amzn1.x86_64
php70-mysqlnd-7.0.29-1.28.amzn1.x86_64
php70-7.0.29-1.28.amzn1.x86_64
php70-snmp-7.0.29-1.28.amzn1.x86_64
php70-gmp-7.0.29-1.28.amzn1.x86_64
php70-tidy-7.0.29-1.28.amzn1.x86_64
php70-fpm-7.0.29-1.28.amzn1.x86_64
php70-intl-7.0.29-1.28.amzn1.x86_64
php70-pgsql-7.0.29-1.28.amzn1.x86_64
php70-pdo-dblib-7.0.29-1.28.amzn1.x86_64
php70-dbg-7.0.29-1.28.amzn1.x86_64
php70-ldap-7.0.29-1.28.amzn1.x86_64
php70-cli-7.0.29-1.28.amzn1.x86_64
php70-zip-7.0.29-1.28.amzn1.x86_64
php70-debuginfo-7.0.29-1.28.amzn1.x86_64
php70-enchant-7.0.29-1.28.amzn1.x86_64
php70-json-7.0.29-1.28.amzn1.x86_64
php70-recode-7.0.29-1.28.amzn1.x86_64
php70-imap-7.0.29-1.28.amzn1.x86_64
php70-embedded-7.0.29-1.28.amzn1.x86_64
php70-opcache-7.0.29-1.28.amzn1.x86_64
php70-dba-7.0.29-1.28.amzn1.x86_64
php70-devel-7.0.29-1.28.amzn1.x86_64
php70-common-7.0.29-1.28.amzn1.x86_64
php70-pdo-7.0.29-1.28.amzn1.x86_64
php70-gd-7.0.29-1.28.amzn1.x86_64
php70-odbc-7.0.29-1.28.amzn1.x86_64
php70-mbstring-7.0.29-1.28.amzn1.x86_64
php70-soap-7.0.29-1.28.amzn1.x86_64
php70-pspell-7.0.29-1.28.amzn1.x86_64
php70-xmlrpc-7.0.29-1.28.amzn1.x86_64
php56-gmp-5.6.35-1.137.amzn1.x86_64
php56-xml-5.6.35-1.137.amzn1.x86_64
php56-imap-5.6.35-1.137.amzn1.x86_64
php56-tidy-5.6.35-1.137.amzn1.x86_64
php56-odbc-5.6.35-1.137.amzn1.x86_64
php56-fpm-5.6.35-1.137.amzn1.x86_64
php56-devel-5.6.35-1.137.amzn1.x86_64
php56-dbg-5.6.35-1.137.amzn1.x86_64
php56-process-5.6.35-1.137.amzn1.x86_64
php56-mbstring-5.6.35-1.137.amzn1.x86_64
php56-pdo-5.6.35-1.137.amzn1.x86_64
php56-xmlrpc-5.6.35-1.137.amzn1.x86_64
php56-5.6.35-1.137.amzn1.x86_64
php56-gd-5.6.35-1.137.amzn1.x86_64
php56-ldap-5.6.35-1.137.amzn1.x86_64
php56-dba-5.6.35-1.137.amzn1.x86_64
php56-mcrypt-5.6.35-1.137.amzn1.x86_64
php56-intl-5.6.35-1.137.amzn1.x86_64
php56-embedded-5.6.35-1.137.amzn1.x86_64
php56-bcmath-5.6.35-1.137.amzn1.x86_64
php56-common-5.6.35-1.137.amzn1.x86_64
php56-recode-5.6.35-1.137.amzn1.x86_64
php56-opcache-5.6.35-1.137.amzn1.x86_64
php56-enchant-5.6.35-1.137.amzn1.x86_64
php56-mssql-5.6.35-1.137.amzn1.x86_64
php56-pgsql-5.6.35-1.137.amzn1.x86_64
php56-cli-5.6.35-1.137.amzn1.x86_64
php56-soap-5.6.35-1.137.amzn1.x86_64
php56-mysqlnd-5.6.35-1.137.amzn1.x86_64
php56-debuginfo-5.6.35-1.137.amzn1.x86_64
php56-snmp-5.6.35-1.137.amzn1.x86_64
php56-pspell-5.6.35-1.137.amzn1.x86_64
Red Hat: CVE-2018-7584
Mitre: CVE-2018-7584
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | php70-tidy | < 7.0.29-1.28.amzn1 | php70-tidy-7.0.29-1.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-enchant | < 7.0.29-1.28.amzn1 | php70-enchant-7.0.29-1.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-ldap | < 7.0.29-1.28.amzn1 | php70-ldap-7.0.29-1.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-snmp | < 7.0.29-1.28.amzn1 | php70-snmp-7.0.29-1.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-gmp | < 7.0.29-1.28.amzn1 | php70-gmp-7.0.29-1.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-dbg | < 7.0.29-1.28.amzn1 | php70-dbg-7.0.29-1.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70 | < 7.0.29-1.28.amzn1 | php70-7.0.29-1.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-embedded | < 7.0.29-1.28.amzn1 | php70-embedded-7.0.29-1.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-xmlrpc | < 7.0.29-1.28.amzn1 | php70-xmlrpc-7.0.29-1.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-zip | < 7.0.29-1.28.amzn1 | php70-zip-7.0.29-1.28.amzn1.i686.rpm |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.753 High
EPSS
Percentile
98.2%