Published: 10/07/2017 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In PHP prior to 5.6.31, 7.x prior to 7.0.21, and 7.1.x prior to 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 7.1.0
php php 7.1.6
php php 7.0.11
php php 7.0.4
php php 7.1.3
php php 7.1.5
php php 7.0.19
php php 7.0.3
php php 7.0.1
php php 7.1.2
php php 7.0.12
php php 7.0.13
php php 7.0.16
php php 7.0.7
php php 7.0.14
php php 7.0.20
php php 7.0.15
php php
php php 7.0.18
php php 7.0.2
php php 7.0.9
php php 7.0.8
php php 7.0.17
php php 7.0.5
php php 7.0.10
php php 7.0.0
php php 7.0.6
php php 7.1.1
php php 7.1.4

Synopsis Moderate: rh-php70-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php70-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

Several security issues were fixed in PHP ...

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11142 Denial of service via overly long form variables CVE-2017-11143 Invalid free() in wddx_deserialize() CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing fun ...

In PHP before 5631, 7x before 7021, and 71x before 717, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_datec out-of-bounds reads affecting the php_parse_date function NOTE: the correct fix is in t ...

Tenable has released updates for SecurityCenter 532, 540, 542, 545, 550, and 551 to bring the version of PHP included with them to 5631 PHP 5631 addresses multiple vulnerabilities: CVE-2017-11142: In PHP before 5631, 7x before 7017, and 71x before 713, remote attackers could cause a CPU consumption denial of service atta ...

CWE-200 https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75 https://bugs.php.net/bug.php?id=74819 http://php.net/ChangeLog-7.php http://php.net/ChangeLog-5.php http://openwall.com/lists/oss-security/2017/07/10/6 http://www.securityfocus.com/bid/99550 https://www.tenable.com/security/tns-2017-12 https://www.debian.org/security/2018/dsa-4081 https://www.debian.org/security/2018/dsa-4080 https://security.netapp.com/advisory/ntap-20180112-0001/https://access.redhat.com/errata/RHSA-2018:1296 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e8b7698f5ee757ce2c8bd10a192a491a498f891c https://access.redhat.com/errata/RHSA-2018:1296 https://nvd.nist.gov https://usn.ubuntu.com/3382-1/

CVE-2017-11145

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect