
RHEL 8 : php:7.3 (RHSA-2020:3662)

Description

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3662 advisory.

- php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
- php: Buffer over-read in exif_read_data() (CVE-2019-11040)
- php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
- php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
- php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)
- php: Information disclosure in exif_read_data() (CVE-2019-11047)
- php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
- php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
- oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
- oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)
- oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
- oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
- oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
- oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)
- pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454)
- php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
- php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
- php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
- php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
- php: Information disclosure in exif_read_data() function (CVE-2020-7064)
- php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)
- php: Information disclosure in function get_headers (CVE-2020-7066)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

