Home CVE Database CVE-2018-10545

CVE-2018-10545

Description

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user\'s PHP applications by running gcore on the PID of the PHP-FPM worker process.

Priority: LOW
CVSS v3: 4.7
Publish Date: Apr 29, 2018
Related ID: --
CVSS v2: MEDIUM
Modified Date: Apr 29, 2018

Find out more about CVE-2018-10545 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

php

Live chat
Online