Vigil@nce - PHP 7: four vulnerabilities
July 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of PHP.
– Impacted products: PHP.
– Severity: 2/4.
– Creation date: 26/05/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in PHP.
An attacker can force the usage of a freed memory area via
dba_open, in order to trigger a denial of service, and possibly to
run code. [severity:2/4; 72157]
An attacker can force the usage of a freed memory area via
error_reporting, in order to trigger a denial of service, and
possibly to run code. [severity:2/4; 72162]
An attacker can force a NULL pointer to be dereferenced via
mb_ereg_replace, in order to trigger a denial of service.
[severity:2/4; 72164]
An attacker can force a NULL pointer to be dereferenced via
openssl_csr_new, in order to trigger a denial of service.
[severity:2/4; 72165]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/PHP-7-four-vulnerabilities-19711