CVE-2018-10548: NULL Pointer Dereference in PHP

Severity: 7.5 HIGH (NVD); OSV: 4.7
EPSS: 52.7% (top 2.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 29; Latest update May 14

Description

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: php/php, 7.0.0 to 7.0.30, +3
Ubuntu: php5/php5 < 5.5.9+dfsg-1ubuntu4.25

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04

🔴 Vulnerability Details (3)

GHSA: GHSA-pj74-6489-hfx6: An issue was discovered in PHP before 5 (2022-05-14)
OSV: php5, php7.0, php7.1, php7.2 vulnerabilities (2018-05-14)
OSV: CVE-2018-10548: An issue was discovered in PHP before 5 (2018-04-29)

📋 Vendor Advisories (3)

Ubuntu: PHP vulnerabilities (2018-05-16)
Ubuntu: PHP vulnerabilities (2018-05-14)
Red Hat: php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply (2018-04-26)

🕵️ Threat Intelligence (2)

Trendmicro: Current and Future Attacks Threatening Esports (2019-10-29)
Trendmicro: Current and Future Attacks Threatening Esports (2019-10-29)

💬 Community (2)

Bugzilla: CVE-2018-10548 php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply (2018-05-02)
Bugzilla: CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 php: various flaws [fedora-all] (2018-05-02)