search

turkdevops / php-src

The PHP Interpreter
https://www.php.net
Other
0 stars 0 forks source link

CVE-2018-20506 (High) detected in php-srcphp-7.1.0RC3 - autoclosed #103

Closed mend-bolt-for-github[bot] closed 3 years ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2018-20506 - High Severity Vulnerability

Vulnerable Library - php-srcphp-7.1.0RC3

The PHP Interpreter

Library home page: https://github.com/madorin/php-src.git

Found in HEAD commit: ec57f9143f2fcf2e9a8d3dfa268da689d11be5e2

Found in base branch: microseconds

Vulnerable Source Files (0)

Vulnerability Details

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Publish Date: 2019-04-03

URL: CVE-2018-20506

CVSS 3 Score Details (8.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2017-13685

Release Date: 2019-04-03

Fix Resolution: 3.25.3

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] commented 3 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.