VID |
22978 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The version of PHP installed on the remote host is 7.4.x prior to 7.4.18, or 8.x prior to 8.0.5. It is, therefore, affected by an integer overflow condition in pnctl_exec(). An attacker can exploit this to cause a denial of service (DoS) condition or the execution of arbitrary code.
* References: https://www.php.net/ChangeLog-7.php#7.4.18 https://www.php.net/ChangeLog-8.php#8.0.5
* Platforms Affected: PHP Prior to 7.4.18 Any operating system Any version |
Recommendation |
Upgrade to the latest version of PHP (7.4.18 or later), available from the PHP web site at http://www.php.net/downloads.php |
Related URL |
(CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|