Vulnerability Details : CVE-2018-7584
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
Vulnerability category: Overflow
Products affected by CVE-2018-7584
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Threat overview for CVE-2018-7584
- IPs affected by CVE-2018-7584: 552,770
- Top open port discovered on systems with this issue: 80
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2018-7584
- EPSS score: 17.79% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~96% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2018-7584
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2018-7584
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2018-7584
- https://www.debian.org/security/2018/dsa-4240 (Debian Security Information, DSA-4240-1 php7.0; Third Party Advisory)
- https://usn.ubuntu.com/3600-2/ (USN-3600-2: PHP vulnerabilities, Ubuntu security notices; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html ([SECURITY] [DLA 1326-1] php5 security update; Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/103204 (PHP CVE-2018-7584 Stack Buffer Overflow Vulnerability; Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2019:2519 (RHSA-2019:2519, Security Advisory, Red Hat Customer Portal)
- https://bugs.php.net/bug.php?id=75981 (PHP Sec Bug #75981: stack-buffer-overflow while parsing HTTP response; Issue Tracking)
- http://www.securitytracker.com/id/1041607 (QNAP Storage Devices PHP Buffer Error Lets Remote Users Deny Service, SecurityTracker; Third Party Advisory, VDB Entry)
- https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba (Fix bug #75981: prevent reading beyond buffer start, php/php-src@523f230; Patch)
- https://usn.ubuntu.com/3600-1/ (USN-3600-1: PHP vulnerabilities, Ubuntu security notices; Third Party Advisory)
- https://www.exploit-db.com/exploits/44846/ (PHP 7.2.2 'php_stream_url_wrap_http_ex' Buffer Overflow; Exploit, Third Party Advisory, VDB Entry)
- https://www.tenable.com/security/tns-2018-03 ([R2] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability, Tenable Security Advisory; Third Party Advisory)
- http://php.net/ChangeLog-7.php (PHP 7 ChangeLog; Release Notes)
- https://www.tenable.com/security/tns-2018-12 ([R1] SecurityCenter 5.7.1 Fixes Multiple Third-Party Vulnerabilities, Tenable Security Advisory; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html ([SECURITY] [DLA 1397-1] php5 security update; Mailing List, Third Party Advisory)