Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2018-10546

Published: 29 April 2018

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

Notes

AuthorNote
leosilva
issue not reproducible in precise.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Not vulnerable

trusty
Released (5.5.9+dfsg-1ubuntu4.25)
upstream
Released (5.6.36)
xenial Does not exist

Patches:
upstream: https://github.com/php/php-src/commit/06d309fd7a917575d65c7a6f4f57b0e6bb0f9711
upstream: https://github.com/php/php-src/commit/ee76a5ae5ad57bb9d0bc183bcbf9c4652331c2e3
php7.0
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (7.0.30)
xenial
Released (7.0.30-0ubuntu0.16.04.1)
php7.1
Launchpad, Ubuntu, Debian
artful
Released (7.1.17-0ubuntu0.17.10.1)
bionic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (7.1.17)
xenial Does not exist

php7.2
Launchpad, Ubuntu, Debian
artful Does not exist

bionic
Released (7.2.5-0ubuntu0.18.04.1)
precise Does not exist

trusty Does not exist

upstream
Released (7.2.5)
xenial Does not exist