Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-16642

Опубликовано: 07 нояб. 2017
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 5
CVSS3: 7.5

Описание

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

РелизСтатусПримечание
artful

DNE

bionic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

5.5.9+dfsg-1ubuntu4.23
precise/esm

not-affected

code not present
trusty

released

5.5.9+dfsg-1ubuntu4.23
trusty/esm

not-affected

5.5.9+dfsg-1ubuntu4.23
upstream

needs-triage

xenial

DNE

zesty

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

7.0.25-0ubuntu0.16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

7.0.25
xenial

released

7.0.25-0ubuntu0.16.04.1

Показывать по

РелизСтатусПримечание
artful

not-affected

7.1.11-0ubuntu0.17.10.1
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

7.1.11
xenial

DNE

zesty

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 94%
0.14306
Средний

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-16642

CVSS3: 2.9
redhat
больше 7 лет назад

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

nvd логотип

CVE-2017-16642

CVSS3: 7.5
nvd
больше 7 лет назад

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

debian логотип

CVE-2017-16642

CVSS3: 7.5
debian
больше 7 лет назад

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an e ...

github логотип

GHSA-3r8x-r93p-fr32

CVSS3: 7.5
github
около 3 лет назад

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

fstec логотип

BDU:2022-02423

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость компонента ext/date/lib/parse_date.c интерпретатора языка программирования PHP, позволяющая нарушителю оказать воздействие на конфиденциальность информации

EPSS

Процентиль: 94%
0.14306
Средний

5 Medium

CVSS2

7.5 High

CVSS3