9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843) Security Fix(es): * php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412) * php: Use after free in wddx_deserialize (CVE-2016-7413) * php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414) * php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416) * php: Missing type check when unserializing SplArray (CVE-2016-7417) * php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418) * php: Use-after-free vulnerability when resizing the ‘properties’ hash table of a serialized object (CVE-2016-7479) * php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935) * php: Use After Free in unserialize() (CVE-2016-9936) * php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158) * php: Integer overflow in phar_parse_pharfile (CVE-2016-10159) * php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160) * php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161) * php: Null pointer dereference when unserializing PHP object (CVE-2016-10162) * gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167) * gd: Integer overflow in gd_io.c (CVE-2016-10168) * php: Use of uninitialized memory in unserialize() (CVE-2017-5340) * php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) * oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224) * oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226) * oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227) * oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228) * oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229) * php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143) * php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144) * php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147) * php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362) * php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628) * php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932) * php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934) * php: reflected XSS in .phar 404 page (CVE-2018-5712) * php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933) * php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934) * php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145) * php: buffer over-read in finish_nested_data function (CVE-2017-12933) * php: Out-of-bound read in timelib_meridian() (CVE-2017-16642) * php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.
CPE | Name | Operator | Version |
---|---|---|---|
rh-php70-php | eq | 7.0.10__2.el7 | |
rh-php70-php | eq | 7.0.10__2.el6 | |
rh-php70-php | eq | 7.0.10__2.el7 | |
rh-php70-php | eq | 7.0.10__2.el6 |
blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
www.securityfocus.com/bid/95151
www.securitytracker.com/id/1037659
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
access.redhat.com/errata/RHSA-2018:1296
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=73092
security.netapp.com/advisory/ntap-20180112-0001/
www.youtube.com/watch?v=LDcaPstAuPk
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P