CVE-2018-10548

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.36 PHP versions 7.0.x prior to 7.0.30 PHP versions 7.1.x prior to 7.1.17 PHP versions 7.2.x prior to 7.2.5

Description An issue in PHP allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) due to mishandling of the ldap get dn return value. The vulnerability is related to the improper handling of specially crafted LDAP server responses. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For PHP versions prior to 5.6.36, update to version 5.6.36 or later. For PHP versions 7.0.x prior to 7.0.30, update to version 7.0.30 or later. For PHP versions 7.1.x prior to 7.1.17, update to version 7.1.17 or later. For PHP versions 7.2.x prior to 7.2.5, update to version 7.2.5 or later. As a temporary workaround, consider restricting access to the ldap get dn function until a patch is available.