Vulnerability-Lookup

CVE-2018-10548 (GCVE-0-2018-10548)

Vulnerability from cvelistv5 – Published: 2018-04-29 21:00 – Updated: 2024-08-05 07:39

Summary

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/104019	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1040807	vdb-entryx_refsource_SECTRACK
	https://usn.ubuntu.com/3646-2/	vendor-advisoryx_refsource_UBUNTU
	https://bugs.php.net/bug.php?id=76248	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4240	vendor-advisoryx_refsource_DEBIAN
	https://www.tenable.com/security/tns-2018-12	x_refsource_CONFIRM
	https://usn.ubuntu.com/3646-1/	vendor-advisoryx_refsource_UBUNTU
	http://php.net/ChangeLog-5.php	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	http://php.net/ChangeLog-7.php	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201812-01	vendor-advisoryx_refsource_GENTOO
	https://security.netapp.com/advisory/ntap-2018060…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:2519	vendor-advisoryx_refsource_REDHAT
	https://www.tenable.com/security/tns-2019-07	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:08.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104019",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104019"
          },
          {
            "name": "1040807",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040807"
          },
          {
            "name": "USN-3646-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3646-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=76248"
          },
          {
            "name": "DSA-4240",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4240"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-12"
          },
          {
            "name": "USN-3646-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3646-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://php.net/ChangeLog-5.php"
          },
          {
            "name": "[debian-lts-announce] 20180509 [SECURITY] [DLA 1373-1] php5 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://php.net/ChangeLog-7.php"
          },
          {
            "name": "GLSA-201812-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201812-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180607-0003/"
          },
          {
            "name": "[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
          },
          {
            "name": "RHSA-2019:2519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2519"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-07"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-04T21:06:26.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "104019",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104019"
        },
        {
          "name": "1040807",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040807"
        },
        {
          "name": "USN-3646-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3646-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=76248"
        },
        {
          "name": "DSA-4240",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4240"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-12"
        },
        {
          "name": "USN-3646-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3646-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://php.net/ChangeLog-5.php"
        },
        {
          "name": "[debian-lts-announce] 20180509 [SECURITY] [DLA 1373-1] php5 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://php.net/ChangeLog-7.php"
        },
        {
          "name": "GLSA-201812-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201812-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180607-0003/"
        },
        {
          "name": "[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
        },
        {
          "name": "RHSA-2019:2519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2519"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-07"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104019",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104019"
            },
            {
              "name": "1040807",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040807"
            },
            {
              "name": "USN-3646-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3646-2/"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=76248",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=76248"
            },
            {
              "name": "DSA-4240",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4240"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-12",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-12"
            },
            {
              "name": "USN-3646-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3646-1/"
            },
            {
              "name": "http://php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "url": "http://php.net/ChangeLog-5.php"
            },
            {
              "name": "[debian-lts-announce] 20180509 [SECURITY] [DLA 1373-1] php5 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html"
            },
            {
              "name": "http://php.net/ChangeLog-7.php",
              "refsource": "CONFIRM",
              "url": "http://php.net/ChangeLog-7.php"
            },
            {
              "name": "GLSA-201812-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201812-01"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180607-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180607-0003/"
            },
            {
              "name": "[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
            },
            {
              "name": "RHSA-2019:2519",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2519"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-07",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-07"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10548",
    "datePublished": "2018-04-29T21:00:00.000Z",
    "dateReserved": "2018-04-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:39:08.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CNVD-2018-09169

Vulnerability from cnvd - Published: 2018-05-09

Title

PHP拒绝服务漏洞（CNVD-2018-09169）

Description

PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。 PHP中的ext/ldap/ldap.c文件存在安全漏洞，该漏洞源于程序未能正确的处理ldap_get_dn的返回值。攻击者可利用该漏洞造成拒绝服务（空指针逆向引用）。

Severity

中

Patch Name

PHP拒绝服务漏洞（CNVD-2018-09169）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://php.net/ChangeLog-7.php；http://php.net/ChangeLog-5.php

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-10548

Impacted products

Name
['PHP PHP <5.6.36', 'PHP PHP 7.0.，<7.0.30', 'PHP PHP 7.1.，<7.1.17', 'PHP PHP 7.2.*，<7.2.5']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104019"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10548"
    }
  },
  "description": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHP Group\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u4e3b\u8981\u7528\u4e8eWeb\u5f00\u53d1\uff0c\u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nPHP\u4e2d\u7684ext/ldap/ldap.c\u6587\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406ldap_get_dn\u7684\u8fd4\u56de\u503c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\uff09\u3002",
  "discovererName": "cyoung, p dot mehrer and cpicard",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://php.net/ChangeLog-7.php\uff1bhttp://php.net/ChangeLog-5.php",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09169",
  "openTime": "2018-05-09",
  "patchDescription": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHP Group\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u4e3b\u8981\u7528\u4e8eWeb\u5f00\u53d1\uff0c\u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nPHP\u4e2d\u7684ext/ldap/ldap.c\u6587\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406ldap_get_dn\u7684\u8fd4\u56de\u503c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PHP\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-09169\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "PHP PHP \u003c5.6.36",
      "PHP PHP 7.0.*\uff0c\u003c7.0.30",
      "PHP PHP 7.1.*\uff0c\u003c7.1.17",
      "PHP PHP 7.2.*\uff0c\u003c7.2.5"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-10548",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-02",
  "title": "PHP\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-09169\uff09"
}

CERTFR-2019-AVI-546

Vulnerability from certfr_avis - Published: 2019-11-05 - Updated: 2019-11-05

De multiples vulnérabilités ont été découvertes dans Tenable.sc. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	N/A	Tenable.sc versions 5.7.X, 5.8.X, 5.9.X, 5.10.X, 5.11.X

References

Title

Publication Time

GSD-2018-10548

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-10548

Aliases

CVE-2018-10548

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-10548",
    "description": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.",
    "id": "GSD-2018-10548",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-10548.html",
      "https://www.debian.org/security/2018/dsa-4240",
      "https://access.redhat.com/errata/RHSA-2019:2519",
      "https://ubuntu.com/security/CVE-2018-10548",
      "https://advisories.mageia.org/CVE-2018-10548.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2018-10548.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-10548"
      ],
      "details": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.",
      "id": "GSD-2018-10548",
      "modified": "2023-12-13T01:22:40.989027Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-10548",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104019",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104019"
          },
          {
            "name": "1040807",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040807"
          },
          {
            "name": "USN-3646-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3646-2/"
          },
          {
            "name": "https://bugs.php.net/bug.php?id=76248",
            "refsource": "CONFIRM",
            "url": "https://bugs.php.net/bug.php?id=76248"
          },
          {
            "name": "DSA-4240",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4240"
          },
          {
            "name": "https://www.tenable.com/security/tns-2018-12",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2018-12"
          },
          {
            "name": "USN-3646-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3646-1/"
          },
          {
            "name": "http://php.net/ChangeLog-5.php",
            "refsource": "CONFIRM",
            "url": "http://php.net/ChangeLog-5.php"
          },
          {
            "name": "[debian-lts-announce] 20180509 [SECURITY] [DLA 1373-1] php5 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html"
          },
          {
            "name": "http://php.net/ChangeLog-7.php",
            "refsource": "CONFIRM",
            "url": "http://php.net/ChangeLog-7.php"
          },
          {
            "name": "GLSA-201812-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201812-01"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20180607-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20180607-0003/"
          },
          {
            "name": "[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
          },
          {
            "name": "RHSA-2019:2519",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:2519"
          },
          {
            "name": "https://www.tenable.com/security/tns-2019-07",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2019-07"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.30",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.36",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1.17",
                "versionStartIncluding": "7.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.5",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10548"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=76248",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://bugs.php.net/bug.php?id=76248"
            },
            {
              "name": "http://php.net/ChangeLog-7.php",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://php.net/ChangeLog-7.php"
            },
            {
              "name": "http://php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://php.net/ChangeLog-5.php"
            },
            {
              "name": "104019",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104019"
            },
            {
              "name": "1040807",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040807"
            },
            {
              "name": "[debian-lts-announce] 20180509 [SECURITY] [DLA 1373-1] php5 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html"
            },
            {
              "name": "USN-3646-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3646-1/"
            },
            {
              "name": "USN-3646-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3646-2/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180607-0003/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180607-0003/"
            },
            {
              "name": "[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
            },
            {
              "name": "DSA-4240",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4240"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-12",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2018-12"
            },
            {
              "name": "GLSA-201812-01",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201812-01"
            },
            {
              "name": "RHSA-2019:2519",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2019:2519"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-07",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.tenable.com/security/tns-2019-07"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-08-19T11:15Z",
      "publishedDate": "2018-04-29T21:29Z"
    }
  }
}

GHSA-PJ74-6489-HFX6

Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-10548"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-29T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.",
  "id": "GHSA-pj74-6489-hfx6",
  "modified": "2022-05-14T00:53:53Z",
  "published": "2022-05-14T00:53:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10548"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2519"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=76248"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201812-01"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180607-0003"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3646-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3646-2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4240"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2018-12"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2019-07"
    },
    {
      "type": "WEB",
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "type": "WEB",
      "url": "http://php.net/ChangeLog-7.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104019"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040807"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-10548

Vulnerability from fkie_nvd - Published: 2018-04-29 21:29 - Updated: 2024-11-21 03:41

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://php.net/ChangeLog-5.php	Patch, Vendor Advisory
cve@mitre.org	http://php.net/ChangeLog-7.php	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/104019	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1040807	Third Party Advisory, VDB Entry
cve@mitre.org	https://access.redhat.com/errata/RHSA-2019:2519
cve@mitre.org	https://bugs.php.net/bug.php?id=76248	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html	Mailing List, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201812-01	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20180607-0003/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3646-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3646-2/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2018/dsa-4240	Third Party Advisory
cve@mitre.org	https://www.tenable.com/security/tns-2018-12	Third Party Advisory
cve@mitre.org	https://www.tenable.com/security/tns-2019-07
af854a3a-2127-422b-91ae-364da2661108	http://php.net/ChangeLog-5.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://php.net/ChangeLog-7.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104019	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040807	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:2519
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=76248	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201812-01	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20180607-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3646-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3646-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4240	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2018-12	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2019-07

Impacted products

Vendor	Product	Version
php	php	*
php	php	*
php	php	*
php	php	*
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10
canonical	ubuntu_linux	18.04
debian	debian_linux	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
netapp	storage_automation_store	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD0D220-7394-448F-8EAB-24621F5C2917",
              "versionEndExcluding": "5.6.36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96ECA76-0F81-4900-A9ED-87E3F72CA615",
              "versionEndExcluding": "7.0.30",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8665618B-29C9-4044-A72C-AD09B2F9C866",
              "versionEndExcluding": "7.1.17",
              "versionStartIncluding": "7.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDE3F51-E37C-42BF-821D-E31D5664329C",
              "versionEndExcluding": "7.2.5",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 07.1.17 y versiones 7.2.x anteriores a la 7.2.5. ext/ldap/ldap.c permite que servidores LDAP remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicaci\u00f3n) debido a la gesti\u00f3n incorrecta del valor de retorno ldap_get_dn."
    }
  ],
  "id": "CVE-2018-10548",
  "lastModified": "2024-11-21T03:41:32.600",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-29T21:29:00.463",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://php.net/ChangeLog-7.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104019"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040807"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:2519"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=76248"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201812-01"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180607-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3646-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3646-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4240"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2018-12"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.tenable.com/security/tns-2019-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://php.net/ChangeLog-7.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:2519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=76248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201812-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180607-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3646-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3646-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2018-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.tenable.com/security/tns-2019-07"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2018-10548

Vulnerability from fstec - Published: 29.04.2018

Title

Уязвимость функции ldap_get_dn интерпретатора PHP, связанная с ошибкой разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции ldap_get_dn (ext/ldap/ldap.c) интерпретатора PHP связана с неправильным обращением к возвращаемому значению при обработке специально сформированных ответов LDAP-сервера. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

ООО «РусБИТех-Астра», PHP Group

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), PHP

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), до 5.6.36 (PHP), от 7.0.0 до 7.0.30 (PHP), от 7.1.0 до 7.1.17 (PHP), от 7.2.0 до 7.2.5 (PHP), 1.6 «Смоленск» (Astra Linux Special Edition)

Possible Mitigations

Для PHP: Обновление программного обеспечения до 5.6.36 или 7.2.5 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета php5) до 5.6.36+dfsg-0+deb8u1 или более поздней версии Для ОС Astra Linux 1.6 «Смоленск»: обновить пакет php7.0 до 7.0.30-0+deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-10548 https://security-tracker.debian.org/tracker/CVE-2018-10548 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, PHP Group",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), \u0434\u043e 5.6.36 (PHP), \u043e\u0442 7.0.0 \u0434\u043e 7.0.30 (PHP), \u043e\u0442 7.1.0 \u0434\u043e 7.1.17 (PHP), \u043e\u0442 7.2.0 \u0434\u043e 7.2.5 (PHP), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f PHP:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 5.6.36 \u0438\u043b\u0438 7.2.5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 php5) \u0434\u043e 5.6.36+dfsg-0+deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 php7.0 \u0434\u043e 7.0.30-0+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.04.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.12.2018",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-01504",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-10548",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), PHP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ldap_get_dn \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 PHP,  \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ldap_get_dn (ext/ldap/ldap.c) \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 PHP  \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0435\u043c \u043a \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u043c\u043e\u043c\u0443 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043e\u0442\u0432\u0435\u0442\u043e\u0432 LDAP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430.  \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2018-10548\nhttps://security-tracker.debian.org/tracker/CVE-2018-10548\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-10548 (GCVE-0-2018-10548)

CNVD-2018-09169

CERTFR-2019-AVI-546

Solution

GSD-2018-10548

GHSA-PJ74-6489-HFX6

FKIE_CVE-2018-10548

CVE-2018-10548

Tags

Sightings

Nomenclature