CVE-2018-14884

Published: Aug 3, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.

Affected (4)

Products: Php: Php · Netapp: Storage Automation Store

1 product

1 product

Storage Automation Store

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Php Php	From 7.0.0 to 7.0.27
Php Php	From 7.1.0 to 7.1.13
Php Php	From 7.2.0 to 7.2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Storage Automation Store	All versions

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

http://php.net/ChangeLog-7.php

Source: cve@mitre.org

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:2519

Source: cve@mitre.org

https://bugs.php.net/bug.php?id=75535

Source: cve@mitre.org

ExploitIssue TrackingPatchVendor Advisory

https://security.netapp.com/advisory/ntap-20181107-0003/

Source: cve@mitre.org

Third Party Advisory

http://php.net/ChangeLog-7.php

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:2519

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=75535

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

https://security.netapp.com/advisory/ntap-20181107-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.