9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.62 Medium
EPSS
Percentile
97.8%
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843)
Security Fix(es):
php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)
php: Use after free in wddx_deserialize (CVE-2016-7413)
php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)
php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)
php: Missing type check when unserializing SplArray (CVE-2016-7417)
php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)
php: Use-after-free vulnerability when resizing the ‘properties’ hash table of a serialized object (CVE-2016-7479)
php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)
php: Use After Free in unserialize() (CVE-2016-9936)
php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)
php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)
php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)
php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)
php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)
gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
gd: Integer overflow in gd_io.c (CVE-2016-10168)
php: Use of uninitialized memory in unserialize() (CVE-2017-5340)
php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)
oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)
oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)
oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)
oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)
oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)
php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)
php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)
php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)
php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)
php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628)
php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)
php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)
php: reflected XSS in .phar 404 page (CVE-2018-5712)
php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)
php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)
php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)
php: buffer over-read in finish_nested_data function (CVE-2017-12933)
php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)
php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | rh-php70-php-ldap | < 7.0.27-1.el6 | rh-php70-php-ldap-7.0.27-1.el6.x86_64.rpm |
RedHat | 6 | x86_64 | rh-php70-php-pspell | < 7.0.27-1.el6 | rh-php70-php-pspell-7.0.27-1.el6.x86_64.rpm |
RedHat | 7 | x86_64 | rh-php70-php-opcache | < 7.0.27-1.el7 | rh-php70-php-opcache-7.0.27-1.el7.x86_64.rpm |
RedHat | 7 | x86_64 | rh-php70-php-pdo | < 7.0.27-1.el7 | rh-php70-php-pdo-7.0.27-1.el7.x86_64.rpm |
RedHat | 7 | x86_64 | rh-php70-php | < 7.0.27-1.el7 | rh-php70-php-7.0.27-1.el7.x86_64.rpm |
RedHat | 6 | x86_64 | rh-php70-php-zip | < 7.0.27-1.el6 | rh-php70-php-zip-7.0.27-1.el6.x86_64.rpm |
RedHat | 6 | x86_64 | rh-php70-php-opcache | < 7.0.27-1.el6 | rh-php70-php-opcache-7.0.27-1.el6.x86_64.rpm |
RedHat | 6 | x86_64 | rh-php70-php-gd | < 7.0.27-1.el6 | rh-php70-php-gd-7.0.27-1.el6.x86_64.rpm |
RedHat | 7 | x86_64 | rh-php70-php-ldap | < 7.0.27-1.el7 | rh-php70-php-ldap-7.0.27-1.el7.x86_64.rpm |
RedHat | 7 | x86_64 | rh-php70-php-soap | < 7.0.27-1.el7 | rh-php70-php-soap-7.0.27-1.el7.x86_64.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.62 Medium
EPSS
Percentile
97.8%