1. Home
  2. CVE Database
  3. CVE-2018-20783
HIGH · 7.5

CVE-2018-20783

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past t...

Vulnerability Description

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
PhpPhp< 5.6.39
OpensuseLeap42.3

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2018-20783?

CVE-2018-20783 is a vulnerability with a CVSS score of 7.5 (HIGH). In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past t...

How severe is CVE-2018-20783?

CVE-2018-20783 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20783?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Opensuse Leap.