CVE-2018-14884

php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.

Se ha descubierto un problema en PHP en versiones 7.0.x anteriores a la 7.0.27, versiones 7.1.x anteriores a la 7.1.13 y versiones 7.2.x anteriores a la 7.2.1. El análisis inadecuado de una respuesta HTTP conduce a un fallo de segmentación debido a que http_header_value en ext/standard/http_fopen_wrapper.c puede ser un valor NULL que se gestiona erróneamente en una llamada atoi.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-08-03 CVE Reserved
2018-08-03 CVE Published
2024-08-05 CVE Updated
2024-08-05 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-476: NULL Pointer Dereference
CWE-665: Improper Initialization

CAPEC

References (6)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20181107-0003	Third Party Advisory

URL	Date	SRC
https://bugs.php.net/bug.php?id=75535	2024-08-05

URL	Date	SRC

URL	Date	SRC
http://php.net/ChangeLog-7.php	2019-08-19
https://access.redhat.com/errata/RHSA-2019:2519	2019-08-19
https://access.redhat.com/security/cve/CVE-2018-14884	2019-08-19
https://bugzilla.redhat.com/show_bug.cgi?id=1612362	2019-08-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.0.0 < 7.0.27 Search vendor "Php" for product "Php" and version " >= 7.0.0 < 7.0.27"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.1.0 < 7.1.13 Search vendor "Php" for product "Php" and version " >= 7.1.0 < 7.1.13"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.2.0 < 7.2.1 Search vendor "Php" for product "Php" and version " >= 7.2.0 < 7.2.1"		-		Affected
Netapp Search vendor "Netapp"		Storage Automation Store Search vendor "Netapp" for product "Storage Automation Store"				-		-		Affected