PHP is vulnerable to out-of-bounds reads. The vulnerability exists in mbc_enc_len() during regular expression searching. reg->dmin in forward_search_range() when not handled properly would result in an invalid pointer dereference as an out-of-bounds read from a stack buffer.
CPE | Name | Operator | Version |
---|---|---|---|
rh-php70-php | eq | 7.0.10__2.el7 | |
rh-php70-php | eq | 7.0.10__2.el6 | |
rh-php70-php | eq | 7.0.10__2.el7 | |
rh-php70-php | eq | 7.0.10__2.el6 |
www.securityfocus.com/bid/100538
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
access.redhat.com/errata/RHSA-2018:1296
access.redhat.com/security/updates/classification/#moderate
github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
github.com/kkos/oniguruma/issues/58