CVE 2018-10546
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
Related bugs and status
CVE-2018-10546 (Candidate) is related to these bugs:
Bug #1770184: Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu) | Undecided | Fix Released | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Bionic) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Bionic) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Bionic) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Bionic) | Medium | Fix Released | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Trusty) | Medium | Fix Released | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Trusty) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Trusty) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Trusty) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Xenial) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Xenial) | Medium | Fix Released | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Xenial) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Xenial) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Cosmic) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Cosmic) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Cosmic) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Cosmic) | Undecided | Fix Released | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Artful) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Artful) | Undecided | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Artful) | Medium | Invalid | ||
1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Artful) | Undecided | Invalid |
Bug #1770222: [MRE] Please update to latest upstream release 7.0.30 / 7.1.17 / 7.2.5
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1770222 | [MRE] Please update to latest upstream release 7.0.30 / 7.1.17 / 7.2.5 | php7.0 (Ubuntu) | Undecided | New |
Bug #1792991: Please apply security fixes from PHP 5.5.36 to 5.5.38
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1792991 | Please apply security fixes from PHP 5.5.36 to 5.5.38 | php5 (Ubuntu) | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.