CVE-2018-14884

Name of the Vulnerable Software and Affected Versions PHP versions 7.0.x through 7.0.26 PHP versions 7.1.x through 7.1.12 PHP versions 7.2.x through 7.2.0

Description The issue arises from inappropriately parsing an HTTP response, leading to a segmentation fault. This occurs because the http header value in ext/standard/http fopen wrapper.c can be a NULL value that is mishandled in an atoi call. The vulnerability is related to the http header value function and can be exploited by a remote attacker to cause a denial of service.

Recommendations For PHP versions 7.0.x through 7.0.26, update to version 7.0.27 or later. For PHP versions 7.1.x through 7.1.12, update to version 7.1.13 or later. For PHP versions 7.2.x through 7.2.0, update to version 7.2.1 or later.