Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-11362

Опубликовано: 17 июл. 2017
Источник: redhat
CVSS3: 4
EPSS Низкий

Описание

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6phpWill not fix
Red Hat Enterprise Linux 7phpWill not fix
Red Hat OpenShift Enterprise 2phpWill not fix
Red Hat Software Collectionsrh-php56-phpWill not fix
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php70-phpFixedRHSA-2018:129603.05.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-php70-phpFixedRHSA-2018:129603.05.2018
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php70-phpFixedRHSA-2018:129603.05.2018
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUSrh-php70-phpFixedRHSA-2018:129603.05.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1475373php: Stack-based buffer over-read in msgfmt_parse_message function

EPSS

Процентиль: 82%
0.01723
Низкий

4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-11362

CVSS3: 9.8
ubuntu
около 8 лет назад

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.

nvd логотип

CVE-2017-11362

CVSS3: 9.8
nvd
около 8 лет назад

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.

debian логотип

CVE-2017-11362

CVSS3: 9.8
debian
около 8 лет назад

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/ms ...

github логотип

GHSA-p8vm-62x6-j22w

CVSS3: 9.8
github
больше 3 лет назад

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.

fstec логотип

BDU:2017-01714

fstec
около 8 лет назад

Уязвимость функции msgfmt_parse_message интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

EPSS

Процентиль: 82%
0.01723
Низкий

4 Medium

CVSS3