vulnerability

Ubuntu: (Multiple Advisories) (CVE-2018-20783): PHP vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Feb 21, 2019	May 23, 2019	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Feb 21, 2019

Added

May 23, 2019

Modified

Aug 18, 2025

Description

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.

Solutions

ubuntu-pro-upgrade-libapache2-mod-php5ubuntu-pro-upgrade-php5-cgiubuntu-pro-upgrade-php5-cliubuntu-pro-upgrade-php5-fpm

References

CVE-2018-20783
https://attackerkb.com/topics/CVE-2018-20783
CWE-125
NVD-CVE-2018-20783
UBUNTU-USN-3382-1
UBUNTU-USN-3566-1
UBUNTU-USN-3566-2
UBUNTU-USN-3600-1
UBUNTU-USN-4009-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today