nessus | Tenable | 9580.PRM
Sep 26, 2016 - 12:00 a.m.

PHP 5.6.x < 5.6.26 / 7.0.x < 7.0.11 Multiple Vulnerabilities

Tenable (www.tenable.com)

Versions of PHP 5.6.x prior to 5.6.26 and 7.0.x prior to 7.0.11 are vulnerable to the following issues:

  • An overflow condition exists in the ‘msgfmt_format_message()’ function in ‘common/locid.cpp’ that is triggered when handling locale strings. This may allow a remote attacker to cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code.
  • An overflow condition exists in the ‘php_mysqlnd_rowp_read_text_protocol_aux()’ function in ‘ext/mysqlnd/mysqlnd_wireprotocol.c’ that is triggered when handling the BIT field. This may allow a context-dependent or Man-in-the-Middle (MitM) attacker to cause a heap-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code.
  • A use-after-free error exists in the ‘wddx_stack_destroy()’ function in ‘ext/wddx/wddx.c’ that is triggered when deserializing ‘recordset’ elements. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.
  • An out-of-bounds access flaw exists in the ‘phar_parse_zipfile()’ function in ‘ext/phar/zip.c’ that is triggered when handling the uncompressed file size. This may allow a remote attacker to have an unspecified impact.
  • A flaw exists in the ‘spl_array_get_dimension_ptr_ptr()’ function in ‘ext/spl/spl_array.c’ that is triggered as types are not properly checked during the unserialization of ‘SplArray’. This may allow a remote attacker to cause a crash or potentially have a more severe, unspecified impact.
  • An out-of-bounds access flaw exists in the ‘phar_parse_tarfile()’ function in ‘ext/phar/tar.c’ that is triggered during the verification of signatures. This may allow a remote attacker to have an unspecified impact.
  • A flaw is triggered as certain input is not properly validated when destroying deserialized objects. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.
  • An out-of-bounds read flaw exists in the ‘php_wddx_push_element()’ function in ‘ext/wddx/wddx.c’ that may allow a remote attacker to cause a crash or potentially disclose memory contents.
  • An integer overflow flaw exists in the ‘fgetcsv()’ function. The issue is triggered as certain input is not properly validated when handling CSV field lengths. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.
  • An integer overflow flaw exists in the ‘wordwrap()’ function in ‘ext/standard/string.c’. The issue is triggered as certain input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.
  • An integer overflow flaw exists in the ‘fgets()’ function in ‘ext/standard/file.c’. The issue is triggered as certain input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.
  • An integer overflow condition exists in the ‘xml_utf8_encode()’ function in ‘ext/xml/xml.c’. The issue is triggered as certain input is not properly validated. This may allow a remote attacker to have an unspecified impact.
  • A flaw exists in the ‘exif_process_IFD_in_TIFF()’ function in ‘ext/exif/exif.c’ that is triggered during the handling of uninitialized thumbnail data. This may allow a remote attacker to disclose the contents of memory.
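
A version check for the ranges this advisory names (5.6.x before 5.6.26, 7.0.x before 7.0.11), as an added example that is not Tenable's plugin logic. The banner strings are constructed samples, and treating a pre-release build of a fixed version as affected is an assumption made here to stay conservative.

```python
import re

# Fixed releases named in the advisory title, keyed by (major, minor) branch.
FIXED = {(5, 6): (5, 6, 26), (7, 0): (7, 0, 11)}

# Version token as exposed in HTTP headers, e.g. "X-Powered-By: PHP/5.6.25-1+deb8u1".
# Group 4 captures a pre-release marker such as "RC1" when present.
_VERSION_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)((?:RC|alpha|beta)\d*)?", re.IGNORECASE)

# Constructed sample banners, not taken from any real host.
SAMPLE_BANNERS = [
    "X-Powered-By: PHP/5.6.25",
    "X-Powered-By: PHP/5.6.26",
    "X-Powered-By: PHP/7.0.10-2ubuntu0.1",
    "X-Powered-By: PHP/7.0.11RC1",
    "X-Powered-By: PHP/7.1.0",
    "Server: Apache/2.4.10 (Debian)",
    "Server: Apache/2.4.18 (Unix) PHP/7.0.11",
]


def classify(banner):
    """Return 'affected', 'fixed', 'out-of-scope' or 'unknown' for one banner."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return "unknown"            # no PHP version disclosed in this header
    version = tuple(int(p) for p in m.group(1, 2, 3))
    prerelease = m.group(4) is not None
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "out-of-scope"       # branch not covered by this advisory
    # Assumption: an RC/alpha/beta of the fixed version may predate the fixes.
    if version < fixed or (version == fixed and prerelease):
        return "affected"
    return "fixed"


if __name__ == "__main__":
    for line in SAMPLE_BANNERS:
        print(f"{classify(line):13} {line}")
```

A banner match is only a heuristic: distribution packages can carry backported fixes under an older upstream version number, so confirm against the package changelog before treating a host as affected.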
Vendor | Product | Version
php | php |