CVE-2018-20783

Updated: 2024-11-22 02:19:53.762315

Description:

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.



Severity

                   Severity   Score
CVSS Version 2.x   MEDIUM     5
CVSS Version 3.x   HIGH       7.5

Status

OS name Project name Version Score Severity Status Errata Last updated Statement
EL 6 PHP php 8.1 7.5 HIGH Ignored 2024-05-14 17:19:11
EL 6 PHP php 7.1 7.5 HIGH Ignored 2024-05-14 17:19:11
EL 6 PHP php 7.0 7.5 HIGH Ignored 2024-05-14 17:19:11
EL 6 PHP php 8.2 7.5 HIGH Ignored 2024-05-14 17:19:12
EL 6 PHP php 5.4 7.5 HIGH Ignored 2024-05-14 17:19:21
EL 6 PHP php 5.2 7.5 HIGH Ignored 2024-05-14 17:19:21
EL 6 PHP php 5.3 7.5 HIGH Ignored 2024-05-14 17:19:21
EL 6 PHP php 7.2 7.5 HIGH Ignored 2024-05-14 17:19:21
EL 6 PHP php 7.3 7.5 HIGH Ignored 2024-05-14 17:19:21
EL 6 PHP php 8.0 7.5 HIGH Ignored 2024-05-14 17:19:15
Total: 97