Lucene search
AmazonALAS-2018-988HistoryApr 05, 2018 - 4:32 p.m.
Medium: php70, php56
2018-04-0516:32:00
alas.aws.amazon.com
20
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.799 High
EPSS
Percentile
98.3%
Issue Overview:
Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. (CVE-2018-7584)
Affected Packages:
php70, php56
Issue Correction:
Run yum update php70 to update your system.
Run yum update php56 to update your system.
New Packages:
i686:
php70-tidy-7.0.29-1.28.amzn1.i686
php70-enchant-7.0.29-1.28.amzn1.i686
php70-ldap-7.0.29-1.28.amzn1.i686
php70-snmp-7.0.29-1.28.amzn1.i686
php70-gmp-7.0.29-1.28.amzn1.i686
php70-dbg-7.0.29-1.28.amzn1.i686
php70-7.0.29-1.28.amzn1.i686
php70-embedded-7.0.29-1.28.amzn1.i686
php70-xmlrpc-7.0.29-1.28.amzn1.i686
php70-zip-7.0.29-1.28.amzn1.i686
php70-intl-7.0.29-1.28.amzn1.i686
php70-devel-7.0.29-1.28.amzn1.i686
php70-gd-7.0.29-1.28.amzn1.i686
php70-json-7.0.29-1.28.amzn1.i686
php70-pspell-7.0.29-1.28.amzn1.i686
php70-soap-7.0.29-1.28.amzn1.i686
php70-process-7.0.29-1.28.amzn1.i686
php70-fpm-7.0.29-1.28.amzn1.i686
php70-opcache-7.0.29-1.28.amzn1.i686
php70-pgsql-7.0.29-1.28.amzn1.i686
php70-mysqlnd-7.0.29-1.28.amzn1.i686
php70-recode-7.0.29-1.28.amzn1.i686
php70-debuginfo-7.0.29-1.28.amzn1.i686
php70-dba-7.0.29-1.28.amzn1.i686
php70-common-7.0.29-1.28.amzn1.i686
php70-pdo-7.0.29-1.28.amzn1.i686
php70-pdo-dblib-7.0.29-1.28.amzn1.i686
php70-cli-7.0.29-1.28.amzn1.i686
php70-xml-7.0.29-1.28.amzn1.i686
php70-bcmath-7.0.29-1.28.amzn1.i686
php70-mbstring-7.0.29-1.28.amzn1.i686
php70-imap-7.0.29-1.28.amzn1.i686
php70-odbc-7.0.29-1.28.amzn1.i686
php70-mcrypt-7.0.29-1.28.amzn1.i686
php56-mysqlnd-5.6.35-1.137.amzn1.i686
php56-pdo-5.6.35-1.137.amzn1.i686
php56-xml-5.6.35-1.137.amzn1.i686
php56-bcmath-5.6.35-1.137.amzn1.i686
php56-intl-5.6.35-1.137.amzn1.i686
php56-ldap-5.6.35-1.137.amzn1.i686
php56-pspell-5.6.35-1.137.amzn1.i686
php56-process-5.6.35-1.137.amzn1.i686
php56-devel-5.6.35-1.137.amzn1.i686
php56-soap-5.6.35-1.137.amzn1.i686
php56-recode-5.6.35-1.137.amzn1.i686
php56-dba-5.6.35-1.137.amzn1.i686
php56-gd-5.6.35-1.137.amzn1.i686
php56-odbc-5.6.35-1.137.amzn1.i686
php56-debuginfo-5.6.35-1.137.amzn1.i686
php56-enchant-5.6.35-1.137.amzn1.i686
php56-xmlrpc-5.6.35-1.137.amzn1.i686
php56-common-5.6.35-1.137.amzn1.i686
php56-dbg-5.6.35-1.137.amzn1.i686
php56-cli-5.6.35-1.137.amzn1.i686
php56-snmp-5.6.35-1.137.amzn1.i686
php56-mcrypt-5.6.35-1.137.amzn1.i686
php56-pgsql-5.6.35-1.137.amzn1.i686
php56-embedded-5.6.35-1.137.amzn1.i686
php56-mbstring-5.6.35-1.137.amzn1.i686
php56-gmp-5.6.35-1.137.amzn1.i686
php56-tidy-5.6.35-1.137.amzn1.i686
php56-mssql-5.6.35-1.137.amzn1.i686
php56-fpm-5.6.35-1.137.amzn1.i686
php56-opcache-5.6.35-1.137.amzn1.i686
php56-imap-5.6.35-1.137.amzn1.i686
php56-5.6.35-1.137.amzn1.i686
src:
php70-7.0.29-1.28.amzn1.src
php56-5.6.35-1.137.amzn1.src
x86_64:
php70-mcrypt-7.0.29-1.28.amzn1.x86_64
php70-process-7.0.29-1.28.amzn1.x86_64
php70-bcmath-7.0.29-1.28.amzn1.x86_64
php70-xml-7.0.29-1.28.amzn1.x86_64
php70-mysqlnd-7.0.29-1.28.amzn1.x86_64
php70-7.0.29-1.28.amzn1.x86_64
php70-snmp-7.0.29-1.28.amzn1.x86_64
php70-gmp-7.0.29-1.28.amzn1.x86_64
php70-tidy-7.0.29-1.28.amzn1.x86_64
php70-fpm-7.0.29-1.28.amzn1.x86_64
php70-intl-7.0.29-1.28.amzn1.x86_64
php70-pgsql-7.0.29-1.28.amzn1.x86_64
php70-pdo-dblib-7.0.29-1.28.amzn1.x86_64
php70-dbg-7.0.29-1.28.amzn1.x86_64
php70-ldap-7.0.29-1.28.amzn1.x86_64
php70-cli-7.0.29-1.28.amzn1.x86_64
php70-zip-7.0.29-1.28.amzn1.x86_64
php70-debuginfo-7.0.29-1.28.amzn1.x86_64
php70-enchant-7.0.29-1.28.amzn1.x86_64
php70-json-7.0.29-1.28.amzn1.x86_64
php70-recode-7.0.29-1.28.amzn1.x86_64
php70-imap-7.0.29-1.28.amzn1.x86_64
php70-embedded-7.0.29-1.28.amzn1.x86_64
php70-opcache-7.0.29-1.28.amzn1.x86_64
php70-dba-7.0.29-1.28.amzn1.x86_64
php70-devel-7.0.29-1.28.amzn1.x86_64
php70-common-7.0.29-1.28.amzn1.x86_64
php70-pdo-7.0.29-1.28.amzn1.x86_64
php70-gd-7.0.29-1.28.amzn1.x86_64
php70-odbc-7.0.29-1.28.amzn1.x86_64
php70-mbstring-7.0.29-1.28.amzn1.x86_64
php70-soap-7.0.29-1.28.amzn1.x86_64
php70-pspell-7.0.29-1.28.amzn1.x86_64
php70-xmlrpc-7.0.29-1.28.amzn1.x86_64
php56-gmp-5.6.35-1.137.amzn1.x86_64
php56-xml-5.6.35-1.137.amzn1.x86_64
php56-imap-5.6.35-1.137.amzn1.x86_64
php56-tidy-5.6.35-1.137.amzn1.x86_64
php56-odbc-5.6.35-1.137.amzn1.x86_64
php56-fpm-5.6.35-1.137.amzn1.x86_64
php56-devel-5.6.35-1.137.amzn1.x86_64
php56-dbg-5.6.35-1.137.amzn1.x86_64
php56-process-5.6.35-1.137.amzn1.x86_64
php56-mbstring-5.6.35-1.137.amzn1.x86_64
php56-pdo-5.6.35-1.137.amzn1.x86_64
php56-xmlrpc-5.6.35-1.137.amzn1.x86_64
php56-5.6.35-1.137.amzn1.x86_64
php56-gd-5.6.35-1.137.amzn1.x86_64
php56-ldap-5.6.35-1.137.amzn1.x86_64
php56-dba-5.6.35-1.137.amzn1.x86_64
php56-mcrypt-5.6.35-1.137.amzn1.x86_64
php56-intl-5.6.35-1.137.amzn1.x86_64
php56-embedded-5.6.35-1.137.amzn1.x86_64
php56-bcmath-5.6.35-1.137.amzn1.x86_64
php56-common-5.6.35-1.137.amzn1.x86_64
php56-recode-5.6.35-1.137.amzn1.x86_64
php56-opcache-5.6.35-1.137.amzn1.x86_64
php56-enchant-5.6.35-1.137.amzn1.x86_64
php56-mssql-5.6.35-1.137.amzn1.x86_64
php56-pgsql-5.6.35-1.137.amzn1.x86_64
php56-cli-5.6.35-1.137.amzn1.x86_64
php56-soap-5.6.35-1.137.amzn1.x86_64
php56-mysqlnd-5.6.35-1.137.amzn1.x86_64
php56-debuginfo-5.6.35-1.137.amzn1.x86_64
php56-snmp-5.6.35-1.137.amzn1.x86_64
php56-pspell-5.6.35-1.137.amzn1.x86_64
Additional References
Red Hat: CVE-2018-7584
Mitre: CVE-2018-7584
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | php70-tidy | < 7.0.29-1.28.amzn1 | php70-tidy-7.0.29-1.28.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php70-enchant | < 7.0.29-1.28.amzn1 | php70-enchant-7.0.29-1.28.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php70-ldap | < 7.0.29-1.28.amzn1 | php70-ldap-7.0.29-1.28.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php70-snmp | < 7.0.29-1.28.amzn1 | php70-snmp-7.0.29-1.28.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php70-gmp | < 7.0.29-1.28.amzn1 | php70-gmp-7.0.29-1.28.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php70-dbg | < 7.0.29-1.28.amzn1 | php70-dbg-7.0.29-1.28.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php70 | < 7.0.29-1.28.amzn1 | php70-7.0.29-1.28.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php70-embedded | < 7.0.29-1.28.amzn1 | php70-embedded-7.0.29-1.28.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php70-xmlrpc | < 7.0.29-1.28.amzn1 | php70-xmlrpc-7.0.29-1.28.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php70-zip | < 7.0.29-1.28.amzn1 | php70-zip-7.0.29-1.28.amzn1.i686.rpm |
Related
nessus
nessus
PHP 5.6.x < 5.6.34 Stack Buffer Overflow
2018-03-08 00:00:00
openSUSE Security Update : php5 (openSUSE-2018-269)
2018-03-19 00:00:00
SUSE SLES12 Security Update : php7 (SUSE-SU-2018:0646-1)
2019-01-02 00:00:00
openvas
openvas
PHP Stack Buffer Overflow Vulnerability (Mar 2018) - Windows
2018-03-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0717-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2018-0167)
2022-01-28 00:00:00
slackware
slackware
[slackware-security] php
2018-03-08 09:04:27
osv
osv
CVE-2018-7584
2018-03-01 19:29:00
php5 - security update
2018-03-29 00:00:00
php5 - security update
2018-06-26 00:00:00
prion
prion
Stack overflow
2018-03-01 19:29:00
debiancve
debiancve
CVE-2018-7584
2018-03-01 19:29:00
alpinelinux
alpinelinux
CVE-2018-7584
2018-03-01 19:29:00
f5
f5
K28464509 : PHP vulnerability CVE-2018-7584
2018-05-21 00:00:00
veracode
veracode
Buffer Under-read
2019-08-20 00:10:42
debian
debian
[SECURITY] [DLA 1326-1] php5 security update
2018-03-29 20:49:42
[SECURITY] [DSA 4240-1] php7.0 security update
2018-07-05 20:34:23
[SECURITY] [DLA 1397-1] php5 security update
2018-06-26 18:41:29
fedora
fedora
[SECURITY] Fedora 27 Update: php-7.1.15-1.fc27
2018-03-06 17:36:41
[SECURITY] Fedora 26 Update: php-7.1.15-1.fc26
2018-03-11 20:00:15
hackerone
hackerone
Internet Bug Bounty: memory corruption while parsing HTTP response
2018-02-27 09:14:23
packetstorm
packetstorm
PHP 7.22 php_stream_url_wrap_http_ex Buffer Overflow
2018-06-06 00:00:00
zdt
zdt
PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer Overflow Exploit
2018-06-06 00:00:00
cve
cve
CVE-2018-7584
2018-03-01 19:29:00
redhatcve
redhatcve
CVE-2018-7584
2019-11-07 21:45:57
ubuntucve
ubuntucve
CVE-2018-7584
2018-03-01 00:00:00
ibm
ibm
amazon
amazon
Important: php71
2018-03-27 21:37:00
mageia
mageia
Updated php packages fix CVE-2018-7584
2018-03-14 19:21:20
ubuntu
ubuntu
PHP vulnerabilities
2018-05-15 00:00:00
PHP vulnerabilities
2018-03-19 00:00:00
redhat
redhat
(RHSA-2020:1112) Moderate: php security update
2020-03-31 09:20:14
centos
centos
php security update
2020-04-08 19:04:38
oraclelinux
oraclelinux
php security update
2020-04-06 00:00:00
suse
suse
Security update for php53 (important)
2018-03-26 15:08:04
apple
apple
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.799 High
EPSS
Percentile
98.3%
Related for ALAS-2018-988