Updated: 2024-11-23 02:20:26.152929
Description:
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with the FILTER_VALIDATE_FLOAT filter and min/max limits, a failing filter can trigger a use of allocated memory after free, which can result in crashes and potentially in the overwrite of other memory chunks and RCE. This issue affects code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 6.8 |
CVSS Version 3.x | CRITICAL | 9.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Not Vulnerable | | 2022-07-18 11:44:30 | |
CentOS 7 ELS | php | 5.4.16 | 9.8 | CRITICAL | Not Vulnerable | | 2024-01-22 08:40:42 | |
CentOS 8.4 ELS | php | 7.4.6 | 9.8 | CRITICAL | Released | CLSA-2022:1647550779 | 2022-04-18 15:53:22 | |
CentOS 8.5 ELS | php | 7.4.19 | 9.8 | CRITICAL | Released | CLSA-2022:1647550845 | 2022-04-18 15:53:23 | |
CloudLinux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Not Vulnerable | | 2022-07-18 11:44:29 | |
Oracle Linux 6 ELS | php | 5.3.3 | 9.8 | CRITICAL | Not Vulnerable | | 2022-07-18 11:44:29 | |
Ubuntu 16.04 ELS | php | 7.0.33 | 9.8 | CRITICAL | Not Vulnerable | | 2022-07-18 11:44:29 | |
Ubuntu 18.04 ELS | php | 7.2.24-0 | 9.8 | CRITICAL | Not Vulnerable | | 2023-05-30 08:57:32 | |