CVE-2018-14851 – php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE()
https://notcve.org/view.php?id=CVE-2018-14851
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. exif_process_IFD_in_MAKERNOTE en ext/exif/exif.c en PHP en versiones anteriores a la 5.6.37, versiones 7.0.x anteriores a la 7.0.31, versiones 7.1.x anteriores a la 7.1.20 y versiones 7.2.x anteriores a la 7.2.8 permite que atacantes remotos provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) mediante un archivo JPEG manipulado. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104871 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76557 https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html https://security.netapp.com/advisory/ntap-20181107-0003 https://usn.ubuntu.com/3766-1 https://usn.ubuntu.com/3766-2 https://www.debian.org/security/2018/dsa-4353 https://www.tenable.com/security/tns- • CWE-125: Out-of-bounds Read •
CVE-2017-9120 – php: Integer overflow in mysqli_api.c:mysqli_real_escape_string()
https://notcve.org/view.php?id=CVE-2017-9120
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. PHP en versiones 7.x hasta la 7.1.5, permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer y cierre inesperado de la aplicación) o, probablemente, cualquier otro tipo de problema mediante una cadena larga debido a un desbordamiento de enteros en mysqli_real_escape_string. • https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=74544 https://security.netapp.com/advisory/ntap-20181107-0003 https://access.redhat.com/security/cve/CVE-2017-9120 https://bugzilla.redhat.com/show_bug.cgi?id=1611898 • CWE-190: Integer Overflow or Wraparound •
CVE-2018-11756
https://notcve.org/view.php?id=CVE-2018-11756
In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. En PHP Runtime para Apache OpenWhisk, una acción Docker que hereda una de las etiquetas Docker openwhisk/action-php-v7.2:1.0.0 o openwhisk/action-php-v7.1:1.0.1 (o anteriores) podría permitir que un atacante reemplace la función de usuario en el contenedor si el código de usuario es vulnerable a la explotación de código. • http://www.securityfocus.com/bid/104915 https://github.com/apache/incubator-openwhisk-runtime-php/commit/6caf902f527250ee4b7b695929b628d560e0dad1 https://lists.apache.org/thread.html/439bd5ff5822708c645a0d816ed9914b88c97eda32eae6ea211bc0dc%40%3Cdev.openwhisk.apache.org%3E https://www.puresec.io/hubfs/Apache%20OpenWhisk%20PureSec%20Security%20Advisory.pdf •
CVE-2018-10549 – php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
https://notcve.org/view.php?id=CVE-2018-10549
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versiones 7.2.x anteriores a la 7.2.5. exif_read_data en ext/exif/exif.c tiene una lectura fuera de límites para los datos JPEG manipulados debido a que exif_iif_add_value gestiona de manera incorrecta el caso de un MakerNote que carece de un carácter "\0" final. An out-of-bounds read has been found in PHP when function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104019 http://www.securitytracker.com/id/1040807 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76130 https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https://usn.ubuntu.com/3646-1 https://www.debian.org/security/2018 • CWE-125: Out-of-bounds Read •
CVE-2018-10548 – php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply
https://notcve.org/view.php?id=CVE-2018-10548
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 07.1.17 y versiones 7.2.x anteriores a la 7.2.5. ext/ldap/ldap.c permite que servidores LDAP remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación) debido a la gestión incorrecta del valor de retorno ldap_get_dn. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104019 http://www.securitytracker.com/id/1040807 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76248 https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https • CWE-476: NULL Pointer Dereference •