CVE-2018-7584
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
Affected products
n/a · n/a
Public PoCs found: 2
cve_reference · www.exploit-db.com/exploits/44846/ · unverified
exploitdb · www.exploit-db.com/exploits/44846 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://php.net/ChangeLog-7.php
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=75981
https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
https://usn.ubuntu.com/3600-1/
https://usn.ubuntu.com/3600-2/
https://www.debian.org/security/2018/dsa-4240
https://www.exploit-db.com/exploits/44846/
https://www.tenable.com/security/tns-2018-03
https://www.tenable.com/security/tns-2018-12