CVE-2018-17082

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the phphandler function in sapi/apache2handler/sapiapache2.c.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

23b057742e3cf199612fa8050ae86cae675e214e

Affected versions

Other

NEWS

NEWS-cvs2svn

php-5.*

php-5.3.23RC1

php-5.3.29

php-5.3.29RC1

php-5.4.30RC1

php-5.4.32RC1

php-5.4.4RC2

php-5.5.24RC1

php-5.6.18RC1

php-5.6.19RC1

php-5.6.22RC1

php-5.6.23RC1

php-5.6.24RC1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "286714666792502187029051883559319256746",
            "length": 3972.0
        },
        "target": {
            "file": "sapi/apache2handler/sapi_apache2.c",
            "function": "php_handler"
        },
        "signature_version": "v1",
        "id": "CVE-2018-17082-68a51ab8",
        "deprecated": false,
        "source": "https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "152064786699712677301454464694779181018",
                "29303015709440994030888303854153240592",
                "111547859227363177804637785761047134821",
                "289592337297551983891992604857677649335"
            ]
        },
        "target": {
            "file": "sapi/apache2handler/sapi_apache2.c"
        },
        "signature_version": "v1",
        "id": "CVE-2018-17082-fa554c7b",
        "deprecated": false,
        "source": "https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e"
    }
]