CVE-2018-7584

CRITICAL

PHP < 5.6.33, 7.0.x < 7.0.28, 7.1.x <= 7.1.14, 7.2.x <= 7.2.2 - Stack-Based Buffer Under-Read in HTTP Response Parsing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7584. PoCs published by Wei Lei and Liu Yang.

AI-analyzed exploit summary This exploit demonstrates a memory corruption vulnerability in PHP 7.2.2's HTTP response parsing logic, where a malformed HTTP response can trigger a stack-buffer-overflow due to incorrect handling of newline characters. The PoC includes a test script and server setup to reproduce the crash under AddressSanitizer (ASAN).

Description

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Wei Lei and Liu Yang · textdosphp

https://www.exploit-db.com/exploits/44846

View Code ZIP pw:eip

This exploit demonstrates a memory corruption vulnerability in PHP 7.2.2's HTTP response parsing logic, where a malformed HTTP response can trigger a stack-buffer-overflow due to incorrect handling of newline characters. The PoC includes a test script and server setup to reproduce the crash under AddressSanitizer (ASAN).

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: PHP 7.2.2

No auth needed

Prerequisites: PHP 7.2.2 installation · Ability to send malformed HTTP responses to a target PHP application

MITRE ATT&CK