Skip to Main Content

Multiple Vulnerabilities in PHP Could Allow for Denial of Service

Date(s) Issues: 05/18/2020

Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for a denial-of-service condition. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow an attacker to crash the PHP process. This could allow for a denial-of-service condition once the process stops running.

 

Systems Affected

  • PHP 7.2 Prior to Version 7.2.3
  • PHP 7.2.4 Prior to Version 7.3.17
  • PHP 7.3.2 Prior to Version 7.4.5

 

Risk

GOVERNMENT

  • Large and medium government entities: HIGH
  • Small government entities: HIGH

BUSINESSES

  • Large and medium business entities: HIGH
  • Small business entities: HIGH

 

Technical Summary

Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for a denial-of-service condition. Details of these vulnerabilities are as below:

Version 7.2.30

  • Bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
  • Bug #79330 (shell_exec() silently truncates after a null byte).
  • Bug #79465 (OOB Read in urldecode()).

Version 7.3.17

  • Bug #79364 (When copy empty array, next key is unspecified).
  • Bug #78210 (Invalid pointer address).
  • Bug #79199 (curl_copy_handle() memory leak).
  • Bug #79396 (DateTime hour incorrect during DST jump forward).
  • Bug #79200 (Some iconv functions cut Windows-1258).
  • Bug #79412 (Opcache chokes and uses 100% CPU on specific script).
  • Bug #79413 (session_create_id() fails for active sessions).
  • Bug #79427 (Integer Overflow in shmop_open()).
  • Bug #61597 (SXE properties may lack attributes and content).
  • Bug #75673 (SplStack::unserialize() behavior).
  • Bug #79393 (Null coalescing operator failing with SplFixedArray).
  • Bug #79330 (shell_exec() silently truncates after a null byte).
  • Bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
  • Bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline).
  • Bug #79296 (ZipArchive::open fails on empty file).
  • Bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
REFERENCES

Center for Internet Security

Tags
Vulnerability