Lucene search
Veracode Vulnerability DatabaseVERACODE:19312HistoryMay 16, 2019 - 2:59 a.m.
Remote Code Execution (RCE)
2019-05-1602:59:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.487 Medium
EPSS
Percentile
97.5%
PHP is vulnerable to remote code execution. This is because Zend/zend_hash.c in PHP mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rh-php70-php | eq | 7.0.10__2.el7 | |
| rh-php70-php | eq | 7.0.10__2.el6 | |
| rh-php70-php | eq | 7.0.10__2.el7 | |
| rh-php70-php | eq | 7.0.10__2.el6 |
References
www.securityfocus.com/bid/95371
www.securitytracker.com/id/1037659
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
access.redhat.com/errata/RHSA-2018:1296
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=73832
github.com/php/php-src/commit/4cc0286f2f3780abc6084bcdae5dce595daa3c12
security.netapp.com/advisory/ntap-20180112-0001/
Related
cvelist
cvelist
CVE-2017-5340
2017-01-11 06:02:00
hackerone
hackerone
Internet Bug Bounty: Use of uninitialized memory in unserialize()
2017-01-05 11:24:39
ubuntucve
ubuntucve
CVE-2017-5340
2017-01-11 00:00:00
redhatcve
redhatcve
CVE-2017-5340
2017-01-12 14:17:41
seebug
seebug
PHP Use of uninitialized memory in unserialize() (CVE-2017-5340)
2017-01-12 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP zend_hash_destroy Uninitialized Pointer Code Execution (CVE-2017-5340)
2017-02-26 00:00:00
osv
osv
CVE-2017-5340
2017-01-11 06:59:00
debiancve
debiancve
CVE-2017-5340
2017-01-11 06:59:00
prion
prion
Integer overflow
2017-01-11 06:59:00
f5
f5
K82907233 : PHP vulnerability CVE-2017-5340
2017-03-08 00:00:00
nvd
nvd
CVE-2017-5340
2017-01-11 06:59:00
cve
cve
CVE-2017-5340
2017-01-11 06:59:00
attackerkb
attackerkb
CVE-2020-14933
2020-06-20 00:00:00
CVE-2020-14932
2020-06-20 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3211-1)
2017-02-24 00:00:00
archlinux
archlinux
[ASA-201701-28] php: multiple issues
2017-01-19 00:00:00
nessus
nessus
PHP 7.1.x < 7.1.1 Multiple Vulnerabilities
2019-01-09 00:00:00
PHP 7.0.x < 7.0.15 Multiple Vulnerabilities
2019-01-09 00:00:00
PHP 7.1.x < 7.1.1 Multiple Vulnerabilities
2017-01-26 00:00:00
amazon
amazon
Medium: php70
2017-03-29 20:15:00
ubuntu
ubuntu
PHP vulnerabilities
2017-02-23 00:00:00
PHP regression
2017-03-02 00:00:00
suse
suse
Security update for php7 (important)
2017-03-02 15:12:04
Security update for php7 (important)
2017-02-22 15:08:24
veracode
veracode
Use After Free
2019-05-16 02:59:58
redhat
redhat