PHP is vulnerable to denial of service(DoS) attacks. An attacker could exploit a flaw in the PHAR
archive handler by supplying a malicious archive file which may leads to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile
function in ext/phar/phar.c
.
CPE | Name | Operator | Version |
---|---|---|---|
rh-php70-php | eq | 7.0.10__2.el7 | |
rh-php70-php | eq | 7.0.10__2.el6 | |
rh-php70-php | eq | 7.0.10__2.el7 | |
rh-php70-php | eq | 7.0.10__2.el6 |
git.php.net/?p=php-src.git;a=commit;h=e5246580a85f031e1a3b8064edbaa55c1643a451
openwall.com/lists/oss-security/2017/07/10/6
php.net/ChangeLog-5.php
php.net/ChangeLog-7.php
www.securityfocus.com/bid/99607
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
access.redhat.com/errata/RHSA-2018:1296
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=73773
security.netapp.com/advisory/ntap-20180112-0001/
www.tenable.com/security/tns-2017-12