Description

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

Remediation

References

CVE-2018-10548

Related Vulnerabilities

WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2018-8740)

Piwigo CVE-2014-4648 Vulnerability (CVE-2014-4648)

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (12.0.4)

GlassFish CVE-2017-10400 Vulnerability (CVE-2017-10400)

Severity

High

Classification

CVE-2018-10548 CWE-476 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities