CVE-2017-6441

Опубликовано: 22 фев. 2017

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	php	Not affected
Red Hat Enterprise Linux 5	php53	Not affected
Red Hat Enterprise Linux 6	php	Not affected
Red Hat Enterprise Linux 7	php	Not affected
Red Hat OpenShift Enterprise 2	php	Not affected
Red Hat Software Collections	rh-php56-php	Not affected
Red Hat Software Collections	rh-php70-php	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1443487php: Null pointer dereference via crafted "declare(ticks="

EPSS

Процентиль: 51%

0.00275

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-6441

CVSS3: 7.5

ubuntu

больше 8 лет назад

CVE-2017-6441

CVSS3: 7.5

nvd

больше 8 лет назад

CVE-2017-6441

CVSS3: 7.5

debian

больше 8 лет назад

The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allow ...

GHSA-cmfj-hp6v-cm88

CVSS3: 7.5

github

больше 3 лет назад

** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only."

openSUSE-SU-2017:1800-1

suse-cvrf

около 8 лет назад

Security update for php7

EPSS

Процентиль: 51%

0.00275

Низкий

5.5 Medium

CVSS3