Medium severity4.7NVD Advisory· Published Apr 29, 2018· Updated Jun 17, 2026
CVE-2018-10545
CVE-2018-10545
Description
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- osv-coords10 versionspkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 5.3.17-112.23.1+ 9 more
- (no CPE)range: < 5.3.17-112.23.1
- (no CPE)range: < 5.3.17-112.23.1
- (no CPE)range: < 5.3.17-112.23.1
- (no CPE)range: < 5.3.17-112.23.1
- (no CPE)range: < 5.3.17-112.23.1
- (no CPE)range: < 5.3.17-112.23.1
- (no CPE)range: < 5.5.14-109.27.2
- (no CPE)range: < 5.5.14-109.27.2
- (no CPE)range: < 7.0.7-50.38.2
- (no CPE)range: < 7.0.7-50.38.2
Patches
Vulnerability mechanics
References
13- php.net/ChangeLog-5.phpnvdPatchVendor Advisory
- php.net/ChangeLog-7.phpnvdPatchVendor Advisory
- bugs.php.net/bug.phpnvdIssue TrackingPatchVendor Advisory
- www.securityfocus.com/bid/104022nvdThird Party AdvisoryVDB Entry
- lists.debian.org/debian-lts-announce/2018/05/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/06/msg00005.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201812-01nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20180607-0003/nvdThird Party Advisory
- usn.ubuntu.com/3646-1/nvdThird Party Advisory
- usn.ubuntu.com/3646-2/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4240nvdThird Party Advisory
- www.tenable.com/security/tns-2018-12nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:2519nvd
News mentions
0No linked articles in our index yet.