Vulnerabilities > CVE-2018-14884 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

php

netapp

CWE-476

nessus

NVD

Published: 2018-08-03

Updated: 2019-08-19

Summary

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP 7.2.0 PHP PHP 7.1.0 PHP PHP 7.1.1 PHP PHP 7.1.2 PHP PHP 7.1.3 PHP PHP 7.1.4 PHP PHP 7.1.5 PHP PHP 7.1.6 PHP PHP 7.1.7 PHP PHP 7.1.8 PHP PHP 7.1.9 PHP PHP 7.1.10 PHP PHP 7.1.11 PHP PHP 7.1.12 PHP PHP 7.0.0 PHP PHP 7.0.1 PHP PHP 7.0.2 PHP PHP 7.0.3 PHP PHP 7.0.4 PHP PHP 7.0.5 PHP PHP 7.0.6 PHP PHP 7.0.7 PHP PHP 7.0.8 PHP PHP 7.0.9 PHP PHP 7.0.10 PHP PHP 7.0.11 PHP PHP 7.0.12 PHP PHP 7.0.13 PHP PHP 7.0.14 PHP PHP 7.0.15 PHP PHP 7.0.16 PHP PHP 7.0.17 PHP PHP 7.0.18 PHP PHP 7.0.19 PHP PHP 7.0.20 PHP PHP 7.0.21 PHP PHP 7.0.22 PHP PHP 7.0.23 PHP PHP 7.0.24 PHP PHP 7.0.25 PHP PHP 7.0.26	157
Application	Netapp Netapp Storage Automation Store -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	CGI abuses
NASL id	PHP_7_2_1.NASL
description	According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.1. It is, therefore, affected by the following vulnerabilities : - A denial of service (DoS) vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gd_gif_in.c script within GD Graphics Library (libgd) due to an integer signedness error. An unauthenticated, remote attacker can exploit this issue, via a crafted GIF file, to cause the applicaiton to stop responding. (CVE-2018-5711) - A cross-site scripting (XSS) vulnerability exists due to improper validation of .phar file before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
last seen	2020-06-01
modified	2020-06-02
plugin id	105774
published	2018-01-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/105774
title	PHP 7.2.x < 7.2.1 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(105774); script_version("1.9"); script_cvs_date("Date: 2019/11/08"); script_cve_id("CVE-2018-5711", "CVE-2018-5712", "CVE-2018-14884"); script_bugtraq_id(102742, 102743, 104968); script_name(english:"PHP 7.2.x < 7.2.1 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The version of PHP running on the remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.1. It is, therefore, affected by the following vulnerabilities : - A denial of service (DoS) vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gd_gif_in.c script within GD Graphics Library (libgd) due to an integer signedness error. An unauthenticated, remote attacker can exploit this issue, via a crafted GIF file, to cause the applicaiton to stop responding. (CVE-2018-5711) - A cross-site scripting (XSS) vulnerability exists due to improper validation of .phar file before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2018-5712) - A denial of service (DoS) vulnerability exists in the ext/standard/http_fopen_wrapper.c script due to http_header_value possibly being a NULL value in an atoi call. An unauthenticated, remote attacker can exploit this issue, via a specifically crafted HTTP response, to cause the application to stop responding. (CVE-2018-14884) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.2.1"); script_set_attribute(attribute:"solution", value: "Upgrade to PHP version 7.2.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5712"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("vcf.inc"); include("vcf_extras.inc"); include("http.inc"); include("webapp_func.inc"); vcf::php::initialize(); port = get_http_port(default:80, php:TRUE); app_info = vcf::php::get_app_info(port:port); flags = [ { "xss" : TRUE } ]; constraints = [ { "min_version" : "7.2.0alpha0", "fixed_version" : "7.2.1" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:flags);

NASL family	CGI abuses
NASL id	PHP_7_1_13.NASL
description	According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.13. It is, therefore, affected by the following vulnerabilities : - A denial of service (DoS) vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gd_gif_in.c script within GD Graphics Library (libgd) due to an integer signedness error. An unauthenticated, remote attacker can exploit this issue, via a crafted GIF file, to cause the applicaiton to stop responding. (CVE-2018-5711) - A cross-site scripting (XSS) vulnerability exists due to improper validation of .phar file before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
last seen	2020-06-01
modified	2020-06-02
plugin id	105773
published	2018-01-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/105773
title	PHP 7.1.x < 7.1.13 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(105773); script_version("1.9"); script_cvs_date("Date: 2019/11/08"); script_cve_id("CVE-2018-5711", "CVE-2018-5712", "CVE-2018-14884"); script_bugtraq_id(102742, 102743, 104968); script_name(english:"PHP 7.1.x < 7.1.13 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The version of PHP running on the remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.13. It is, therefore, affected by the following vulnerabilities : - A denial of service (DoS) vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gd_gif_in.c script within GD Graphics Library (libgd) due to an integer signedness error. An unauthenticated, remote attacker can exploit this issue, via a crafted GIF file, to cause the applicaiton to stop responding. (CVE-2018-5711) - A cross-site scripting (XSS) vulnerability exists due to improper validation of .phar file before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2018-5712) - A denial of service (DoS) vulnerability exists in the ext/standard/http_fopen_wrapper.c script due to http_header_value possibly being a NULL value in an atoi call. An unauthenticated, remote attacker can exploit this issue, via a specifically crafted HTTP response, to cause the application to stop responding. (CVE-2018-14884) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.1.13"); script_set_attribute(attribute:"solution", value: "Upgrade to PHP version 7.1.13 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5712"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("vcf.inc"); include("vcf_extras.inc"); include("http.inc"); include("webapp_func.inc"); vcf::php::initialize(); port = get_http_port(default:80, php:TRUE); app_info = vcf::php::get_app_info(port:port); flags = [ { "xss" : TRUE } ]; constraints = [ { "min_version" : "7.1.0alpha0", "fixed_version" : "7.1.13" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:flags);

NASL family	CGI abuses
NASL id	PHP_7_0_27.NASL
description	According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.27. It is, therefore, affected by the following vulnerabilities : - A denial of service (DoS) vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gd_gif_in.c script within GD Graphics Library (libgd) due to an integer signedness error. An unauthenticated, remote attacker can exploit this issue, via a crafted GIF file, to cause the applicaiton to stop responding. (CVE-2018-5711) - A cross-site scripting (XSS) vulnerability exists due to improper validation of .phar file before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
last seen	2020-06-01
modified	2020-06-02
plugin id	105772
published	2018-01-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/105772
title	PHP 7.0.x < 7.0.27 Multiple Vulnerabilities

Redhat

advisories

rhsa

id	RHSA-2019:2519

rpms

rh-php71-php-0:7.1.30-1.el7
rh-php71-php-bcmath-0:7.1.30-1.el7
rh-php71-php-cli-0:7.1.30-1.el7
rh-php71-php-common-0:7.1.30-1.el7
rh-php71-php-dba-0:7.1.30-1.el7
rh-php71-php-dbg-0:7.1.30-1.el7
rh-php71-php-debuginfo-0:7.1.30-1.el7
rh-php71-php-devel-0:7.1.30-1.el7
rh-php71-php-embedded-0:7.1.30-1.el7
rh-php71-php-enchant-0:7.1.30-1.el7
rh-php71-php-fpm-0:7.1.30-1.el7
rh-php71-php-gd-0:7.1.30-1.el7
rh-php71-php-gmp-0:7.1.30-1.el7
rh-php71-php-intl-0:7.1.30-1.el7
rh-php71-php-json-0:7.1.30-1.el7
rh-php71-php-ldap-0:7.1.30-1.el7
rh-php71-php-mbstring-0:7.1.30-1.el7
rh-php71-php-mysqlnd-0:7.1.30-1.el7
rh-php71-php-odbc-0:7.1.30-1.el7
rh-php71-php-opcache-0:7.1.30-1.el7
rh-php71-php-pdo-0:7.1.30-1.el7
rh-php71-php-pgsql-0:7.1.30-1.el7
rh-php71-php-process-0:7.1.30-1.el7
rh-php71-php-pspell-0:7.1.30-1.el7
rh-php71-php-recode-0:7.1.30-1.el7
rh-php71-php-snmp-0:7.1.30-1.el7
rh-php71-php-soap-0:7.1.30-1.el7
rh-php71-php-xml-0:7.1.30-1.el7
rh-php71-php-xmlrpc-0:7.1.30-1.el7
rh-php71-php-zip-0:7.1.30-1.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References