|CERT-In Vulnerability Note
Multiple Vulnerabilities in PHP
Original Issue Date:November 28, 2018
Severity Rating: HIGH
- PHP Versions 5.x through 7.1.24
Multiple Denial of Service Vulnerabilities have been reported in PHP which could allow a remote attacker to cause a denial of service (DoS) condition on a targeted system.
1. Denial of Service Vulnerability
The denial of service vulnerability exists in ext/standard/var.c file of the affected software due to a NULL pointer dereference condition. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted request to the affected software. Successful exploitation of this vulnerability could allow an attacker to trigger a NULL pointer dereference condition to cause the software crash, resulting in a DoS condition on the targeted system.
Update to the latest version
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003