CVE-2017-7963

Опубликовано: 19 апр. 2017

Источник: ubuntu

Приоритет: low

CVSS2: 5

CVSS3: 7.5

Описание

The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.

Релиз	Статус	Примечание
devel	DNE
esm-infra-legacy/trusty	ignored
precise	ignored	end of life
precise/esm	ignored
trusty	ignored
trusty/esm	ignored
upstream	needs-triage
vivid/stable-phone-overlay	DNE
vivid/ubuntu-core	DNE
xenial	DNE

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2017-7963

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2017-7963

CVSS3: 7.5

nvd

почти 9 лет назад

CVE-2017-7963

CVSS3: 7.5

debian

почти 9 лет назад

The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP ...

GHSA-266p-jjrg-gmfx

CVSS3: 7.5

github

больше 3 лет назад

** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior."

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2017-7963

Описание

Пакет php5

Ссылки на источники

Связанные уязвимости