CVE-2017-8923
https://notcve.org/view.php?id=CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
References: http://www.securityfocus.com/bid/98518 https://bugs.php.net/bug.php?id=74577
CWE-787: Out-of-bounds Write
CVE-2017-7963
https://notcve.org/view.php?id=CVE-2017-7963
** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior."
References: https://bugs.php.net/bug.php?id=74308
CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2017-7272
https://notcve.org/view.php?id=CVE-2017-7272
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
References: http://www.securityfocus.com/bid/97178 http://www.securitytracker.com/id/1038158 https://bugs.php.net/bug.php?id=74216 https://bugs.php.net/bug.php?id=75505 https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a https://security.netapp.com/advisory/ntap-20180112-0001 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt
CWE-918: Server-Side Request Forgery (SSRF)
CVE-2015-8994
https://notcve.org/view.php?id=CVE-2015-8994
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon).
References: http://marc.info/?l=php-internals&m=147876797317925&w=2 http://marc.info/?l=php-internals&m=147921016724565&w=2 http://openwall.com/lists/oss-security/2017/02/28/1 http://seclists.org/oss-sec/2016/q4/343 http://seclists.org/oss-sec/2017/q1/520 https://bugs.php.net/bug.php?id=69090 https://ma.ttias.be/a-better-way-to-run-php-fpm
CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-10160 – php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive
https://notcve.org/view.php?id=CVE-2016-10160
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
References: http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.debian.org/security/2017/dsa-3783 http://www.securityfocus.com/bid/95783 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73768 https://github.com/php/php-src/commit/b28b8b2fee6dfa6fcd13305c581bb835689ac3be https://security.gentoo.org/glsa/201702-29 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.tenable.co
CWE-193: Off-by-one Error