CVE-2018-10546
published 2018-04-29CVE-2018-10546: An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c…
PriorityP343high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
10.56%
95.2th percentile
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| php | php | < 5.6.36 | 5.6.36 |
| php | php | >= 7.0.0 < 7.0.30 | 7.0.30 |
| php | php | >= 7.1.0 < 7.1.17 | 7.1.17 |
| php | php | >= 7.2.0 < 7.2.5 | 7.2.5 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.25 | 5.5.9+dfsg-1ubuntu4.25 |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is triggered via the iconv stream filter using the 'convert.iconv' filter on invalid multibyte sequences, causing an infinite loop in ext/iconv/iconv.c — monitor for PHP processes hanging or consuming excessive CPU when processing stream filters. ↗
- →Attack vector is remote — a remote attacker sending invalid multibyte sequences through a PHP application using the iconv stream filter can cause a denial of service by hanging the PHP process. ↗
- →The upstream patch commit can be used to identify the exact code change and derive file-integrity or behavioral detections: https://git.php.net/?p=php-src.git;a=commit;h=06d309fd7a917575d65c7a6f4f57b0e6bb0f9711 ↗
- ·Red Hat notes that RHEL 5, 6, and 7 ship vulnerable code but the linked test case (using php://memory stream) could not be reproduced; other trigger paths may still exist. ↗
- ·Affected PHP versions are before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5; PHP 8 on RHEL is listed as not affected. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu4.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2396-h4jp-vpjg: An issue was discovered in PHP before 5
ghsa_unreviewed·2022-05-13
CVE-2018-10546 [HIGH] CWE-835 GHSA-2396-h4jp-vpjg: An issue was discovered in PHP before 5
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
OSV
php5, php7.0, php7.1, php7.2 vulnerabilities
osv·2018-05-14·CVSS 4.7
CVE-2018-10545 [MEDIUM] php5, php7.0, php7.1, php7.2 vulnerabilities
php5, php7.0, php7.1, php7.2 vulnerabilities
It was discovered that PHP incorrectly handled opcache access controls
when configured to use PHP-FPM. A local user could possibly use this issue
to obtain sensitive information from another user's PHP applications.
(CVE-2018-10545)
It was discovered that the PHP iconv stream filter incorrect handled
certain invalid multibyte sequences. A remote attacker could possibly use
this issue to cause PHP to hang, resulting in a denial of service.
(CVE-2018-10546)
It was discovered that the PHP PHAR error pages incorrectly filtered
certain data. A remote attacker could possibly use this issue to perform
a reflected XSS attack. (CVE-2018-10547)
It was discovered that PHP incorrectly handled LDAP. A malicious remote
LDAP server could possibly use this
OSV
CVE-2018-10546: An issue was discovered in PHP before 5
osv·2018-04-29·CVSS 7.5
CVE-2018-10546 [HIGH] CVE-2018-10546: An issue was discovered in PHP before 5
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2018-05-14·CVSS 4.7
CVE-2018-10545 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled opcache access controls
when configured to use PHP-FPM. A local user could possibly use this issue
to obtain sensitive information from another user's PHP applications.
(CVE-2018-10545)
It was discovered that the PHP iconv stream filter incorrect handled
certain invalid multibyte sequences. A remote attacker could possibly use
this issue to cause PHP to hang, resulting in a denial of service.
(CVE-2018-10546)
It was discovered that the PHP PHAR error pages incorrectly filtered
certain data. A remote attacker could possibly use this issue to perform
a reflected XSS attack. (CVE-2018-10547)
It was discovered that PHP incorrectly handled LDAP. A malicious remote
L
Red Hat
php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
vendor_redhat·2018-04-26·CVSS 7.5
CVE-2018-10546 [HIGH] CWE-835 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote attacker could use this vulnerability to hang the php process and consume resources.
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: php (Red Hat Enterprise Linux 6) - Will not fix
Package: php (Red Hat Ente
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
bugzilla·2018-05-02·CVSS 7.5
CVE-2018-10546 [HIGH] CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
Upstream bug:
https://bugs.php.net/bug.php?id=76249
Upstream patch:
https://git.php.net/?p=php-src.git;a=commit;h=06d309fd7a917575d65c7a6f4f57b0e6bb0f9711
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1573816]
---
The versions of PHP as provided by Red Hat Enterprise Linux 5, 6 and 7, though they do contain the vulnerable code, cannot be used to trigger the vulnerability wit
Bugzilla
CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 php: various flaws [fedora-all]
bugzilla·2018-05-02·CVSS 7.5
CVE-2018-10546 [HIGH] CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 php: various flaws [fedora-all]
CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 php: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supp
http://php.net/ChangeLog-5.phphttp://php.net/ChangeLog-7.phphttp://www.securityfocus.com/bid/104019http://www.securitytracker.com/id/1040807https://access.redhat.com/errata/RHSA-2019:2519https://bugs.php.net/bug.php?id=76249https://lists.debian.org/debian-lts-announce/2018/06/msg00005.htmlhttps://security.gentoo.org/glsa/201812-01https://security.netapp.com/advisory/ntap-20180607-0003/https://usn.ubuntu.com/3646-1/https://www.debian.org/security/2018/dsa-4240https://www.tenable.com/security/tns-2018-12http://php.net/ChangeLog-5.phphttp://php.net/ChangeLog-7.phphttp://www.securityfocus.com/bid/104019http://www.securitytracker.com/id/1040807https://access.redhat.com/errata/RHSA-2019:2519https://bugs.php.net/bug.php?id=76249https://lists.debian.org/debian-lts-announce/2018/06/msg00005.htmlhttps://security.gentoo.org/glsa/201812-01https://security.netapp.com/advisory/ntap-20180607-0003/https://usn.ubuntu.com/3646-1/https://www.debian.org/security/2018/dsa-4240https://www.tenable.com/security/tns-2018-12
2018-04-29
Published