Описание
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 5.5.9+dfsg-1ubuntu4.22 |
| precise/esm | not-affected | 5.3.10-1ubuntu3.28 |
| trusty | released | 5.5.9+dfsg-1ubuntu4.22 |
| trusty/esm | not-affected | 5.5.9+dfsg-1ubuntu4.22 |
| upstream | released | 5.6.31 |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| zesty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 7.0.22-0ubuntu0.16.04.1 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.0.21 |
| vivid/ubuntu-core | DNE | |
| xenial | released | 7.0.22-0ubuntu0.16.04.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 7.1.8-1ubuntu1 |
| devel | released | 7.1.8-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.1.7 |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| zesty | DNE |
Показывать по
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a sta ...
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.
Уязвимость функции zend_ini_do_op() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный PHP-код
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3