Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-7584 — Improper Restriction of Operations within the Bounds of a Memory Buffer in PHP

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read12 documents9 sources

Severity

9.8CRITICALNVD

OSV7.5

EPSS

83.1%

top 0.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Php5 PHP Apple Macos High Sierra 10.13.5 Security Update 2018-003 Sierra Security Update 2018-0 +2 more

Timeline

PublishedMar 1

Latest updateMay 14

Description

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDphp/php7.0.0 — 7.0.28+3

▶Alpinephp5/php5< 5.6.34-r0+1

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.24

▶Appleapple/macos_high_sierra_10.13.5_security_update_2018-003_sierra_security_update_2018-0

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-w5h8-6928-2j67: In PHP through 5↗2022-05-14

▶

OSV

php5, php7.0, php7.1 vulnerabilities↗2018-03-19

▶

OSV

CVE-2018-7584: In PHP through 5↗2018-03-01

▶

💥Exploits & PoCs

Exploit-DB

PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow↗2018-06-06

▶

📋Vendor Advisories

Apple

CVE-2018-7584: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan↗2018-06-01

▶

Ubuntu

PHP vulnerabilities↗2018-05-15

▶

Ubuntu

PHP vulnerabilities↗2018-03-19

▶

Red Hat

php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response↗2018-02-20

▶

🕵️Threat Intelligence

Tenable

[R2] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability↗2018-04-05

▶

💬Community

Bugzilla

CVE-2018-7584 php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response↗2018-03-02

▶

Bugzilla

CVE-2018-7584 php: Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service [fedora-all]↗2018-03-02

▶