Veracode Vulnerability DatabaseVERACODE:19305Denial Of Service (DoS)
0.003 Low
EPSS
Percentile
70.6%
PHP is vulnerable to denial of service(DoS) attacks. An attacker could exploit a flaw in the PHAR archive handler by supplying a malicious archive file which may leads to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rh-php70-php | eq | 7.0.10__2.el7 | |
| rh-php70-php | eq | 7.0.10__2.el6 | |
| rh-php70-php | eq | 7.0.10__2.el7 | |
| rh-php70-php | eq | 7.0.10__2.el6 |
References
git.php.net/?p=php-src.git;a=commit;h=e5246580a85f031e1a3b8064edbaa55c1643a451
openwall.com/lists/oss-security/2017/07/10/6
php.net/ChangeLog-5.php
php.net/ChangeLog-7.php
www.securityfocus.com/bid/99607
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
access.redhat.com/errata/RHSA-2018:1296
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=73773
security.netapp.com/advisory/ntap-20180112-0001/
www.tenable.com/security/tns-2017-12
Related
