Lucene search

Veracode Vulnerability DatabaseVERACODE:19300

HistoryMay 16, 2019 - 2:59 a.m.

Out-Of-Bounds Read

2019-05-1602:59:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

PHP is vulnerable to out-of-bounds read attacks. This exists in the php_wddx_push_element function in ext/wddx/wddx.c which allows remote attackers to cause a denial of service or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.

CPENameOperatorVersion
rh-php70-phpeq7.0.10__2.el7
rh-php70-phpeq7.0.10__2.el6
rh-php70-phpeq7.0.10__2.el7
rh-php70-phpeq7.0.10__2.el6

Name	Operator	Version
rh-php70-php	eq	7.0.10__2.el7
rh-php70-php	eq	7.0.10__2.el6
rh-php70-php	eq	7.0.10__2.el7
rh-php70-php	eq	7.0.10__2.el6

References

lists.opensuse.org/opensuse-updates/2016-12/msg00142.html

lists.opensuse.org/opensuse-updates/2017-01/msg00034.html

lists.opensuse.org/opensuse-updates/2017-01/msg00054.html

www.debian.org/security/2016/dsa-3737

www.openwall.com/lists/oss-security/2016/12/12/2

www.php.net/ChangeLog-5.php

www.php.net/ChangeLog-7.php

www.securityfocus.com/bid/94846

access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php

access.redhat.com/errata/RHSA-2018:1296

access.redhat.com/security/updates/classification/#moderate

bugs.php.net/bug.php?id=73631

github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0

security.gentoo.org/glsa/201702-29

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:19300