Description
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP
DirectoryIterator class accepts filenames with embedded \0 byte and treats
them as terminating at that byte. This could lead to security
vulnerabilities, e.g. in applications checking paths that the code is
allowed to access.
Notes
leosilva | in precise-esm, php is the 5.3 and not has support for
type specifier 'p' that was introduced in 5.5. |
Package
Upstream: | needs-triage
|
Ubuntu 18.04 LTS: | DNE
|
Ubuntu 14.04 ESM: | released
(5.5.9+dfsg-1ubuntu4.29+esm8)
|
Patches:
Package
Upstream: | needs-triage
|
Ubuntu 18.04 LTS: | DNE
|
Ubuntu 16.04 ESM: | released
(7.0.33-0ubuntu0.16.04.9)
|
Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
Upstream: | released
(7.2.26)
|
Ubuntu 18.04 LTS: | released
(7.2.24-0ubuntu0.18.04.2)
|
Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
Upstream: | released
(7.3.13)
|
Ubuntu 18.04 LTS: | DNE
|
Ubuntu 14.04 ESM: | DNE
|
Patches:
Updated: 2022-04-13 13:36:50 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)