CVE-2017-16642

Published: 07/11/2017 Updated: 19/08/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In PHP prior to 5.6.32, 7.x prior to 7.0.25, and 7.1.x prior to 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

Vulnerable Product

php php

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 14.04

netapp clustered data ontap -

netapp storage automation store -

Vendor Advisories

Several security issues were fixed in PHP ...
Synopsis: Moderate: rh-php70-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php70-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis: Moderate: rh-php71-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11142: Denial of service via overly long form variables; CVE-2017-11143: Invalid free() in wddx_deserialize(); CVE-2017-11144: Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing fun ...
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date fun ...

Exploits

Description:
------------
A heap out-of-bound read vulnerability in timelib_meridian() can be triggered via wddx_deserialize() or other vectors that call into this function on untrusted inputs.

$ ~/php-7.1.8/sapi/cli/php --version
PHP 7.1.8 (cli) (built: Aug 9 2017 21:42:13) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyri ...