PHP Multiple Heap Buffer Overflow Vulnerabilities



PHP is prone to multiple heap-based buffer-overflow vulnerabilities.

Successfully exploiting these issues allow remote attackers to crash the affected application, denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed.

Versions prior to PHP 5.6.37, 7.1.20, 7.2.8, and 7.0.31 are vulnerable.

Information

Bugtraq ID: 104871
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Jul 19 2018 12:00AM
Updated: Jul 19 2018 12:00AM
Credit: Kaiyi and Geeknik.
Vulnerable: PHP PHP 7.2.7
PHP PHP 7.2.5
PHP PHP 7.2.4
PHP PHP 7.2.3
PHP PHP 7.2.2
PHP PHP 7.2.1
PHP PHP 7.2
PHP PHP 7.1.17
PHP PHP 7.1.16
PHP PHP 7.1.13
PHP PHP 7.1.12
PHP PHP 7.1.11
PHP PHP 7.1.8
PHP PHP 7.1.7
PHP PHP 7.1.6
PHP PHP 7.1.5
PHP PHP 7.1.4
PHP PHP 7.1.1
PHP PHP 7.1
PHP PHP 7.0.30
PHP PHP 7.0.29
PHP PHP 7.0.27
PHP PHP 7.0.26
PHP PHP 7.0.25
PHP PHP 7.0.22
PHP PHP 7.0.21
PHP PHP 7.0.17
PHP PHP 7.0.16
PHP PHP 7.0.15
PHP PHP 7.0.14
PHP PHP 7.0.12
PHP PHP 7.0.5
PHP PHP 7.0.3
PHP PHP 5.6.36
PHP PHP 5.6.35
PHP PHP 5.6.33
PHP PHP 5.6.32
PHP PHP 5.6.31
PHP PHP 5.6.30
PHP PHP 5.6.29
PHP PHP 5.6.27
PHP PHP 5.6.22
PHP PHP 5.6.21
PHP PHP 5.6.20
PHP PHP 5.6.19
PHP PHP 5.6.18
PHP PHP 5.6.17
PHP PHP 5.6.13
PHP PHP 5.6.12
PHP PHP 5.6.11
PHP PHP 5.6.5
PHP PHP 5.6.4
PHP PHP 5.6.1
PHP PHP 5.6
PHP PHP 7.1.3
PHP PHP 7.1.2
PHP PHP 7.1.14
PHP PHP 7.0.9
PHP PHP 7.0.8
PHP PHP 7.0.7
PHP PHP 7.0.6
PHP PHP 7.0.4
PHP PHP 7.0.2
PHP PHP 7.0.13
PHP PHP 7.0.11
PHP PHP 7.0.10
PHP PHP 7.0.1
PHP PHP 5.6.9
PHP PHP 5.6.8
PHP PHP 5.6.7
PHP PHP 5.6.6
PHP PHP 5.6.34
PHP PHP 5.6.3
PHP PHP 5.6.28
PHP PHP 5.6.26
PHP PHP 5.6.25
PHP PHP 5.6.24
PHP PHP 5.6.23
PHP PHP 5.6.2
PHP PHP 5.6.14
PHP PHP 5.6.10


Not Vulnerable: PHP PHP 7.2.8
PHP PHP 7.1.20
PHP PHP 7.0.31
PHP PHP 5.6.37


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts