CVE-2018-14884

Name
CVE-2018-14884
Description
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.
NVD Severity
medium

References

| Type | URI |
|---|---|
| Exploit | https://bugs.php.net/bug.php?id=75535 |
| Vendor Advisory | http://php.net/ChangeLog-7.php |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20181107-0003/ |
| REDHAT | https://access.redhat.com/errata/RHSA-2019:2519 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | php | >= 7.2.0 | < 7.2.1 |
| cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | php | >= 7.1.0 | < 7.1.13 |
| cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | php | >= 7.0.0 | < 7.0.27 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status