Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-14884
HistoryAug 03, 2018 - 12:00 a.m.

CVE-2018-14884

2018-08-0300:00:00
ubuntu.com
ubuntu.com
7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

64.5%

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13,
and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a
segmentation fault because http_header_value in
ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in
an atoi call.

Bugs

Notes

Author Note
sbeattie PEAR issues should go against php-pear as of xenial
ratliff issue introduced in 7.0.16, 7.1.2, 7.2-dev per upstream bug

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

64.5%

Related for UB:CVE-2018-14884