Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-11144

Опубликовано: 10 июл. 2017
Источник: debian

Описание

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php7.1fixed7.1.8-1package
php7.0fixed7.0.22-1package
php5removedpackage

Примечания

  • PHP Bug: https://bugs.php.net/bug.php?id=74651

  • Fixed in 7.1.7, 7.0.21, 5.6.31

  • https://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6

  • https://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e

  • https://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3

  • http://openwall.com/lists/oss-security/2017/07/10/6

Связанные уязвимости

ubuntu логотип

CVE-2017-11144

CVSS3: 7.5
ubuntu
больше 8 лет назад

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

redhat логотип

CVE-2017-11144

CVSS3: 5.9
redhat
больше 8 лет назад

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

nvd логотип

CVE-2017-11144

CVSS3: 7.5
nvd
больше 8 лет назад

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

github логотип

GHSA-99qx-86wf-8f3j

CVSS3: 7.5
github
больше 3 лет назад

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

fstec логотип

BDU:2022-02424

CVSS3: 7.5
fstec
больше 8 лет назад

Уязвимость расширения openssl (ext/openssl/openssl.c) интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании