ID CVE-2017-16642
Summary In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
References
Vulnerable Configurations
  • PHP PHP
    cpe:2.3:a:php:php
  • PHP 0.1
    cpe:2.3:a:php:php:0.1
  • PHP 0.2
    cpe:2.3:a:php:php:0.2
  • PHP 0.2.1
    cpe:2.3:a:php:php:0.2.1
  • PHP 0.2.3
    cpe:2.3:a:php:php:0.2.3
  • PHP 0.3
    cpe:2.3:a:php:php:0.3
  • PHP 0.5
    cpe:2.3:a:php:php:0.5
  • PHP 0.5.3
    cpe:2.3:a:php:php:0.5.3
  • PHP 0.7
    cpe:2.3:a:php:php:0.7
  • PHP 0.9
    cpe:2.3:a:php:php:0.9
  • PHP 0.9.1
    cpe:2.3:a:php:php:0.9.1
  • PHP 0.9.3
    cpe:2.3:a:php:php:0.9.3
  • PHP 0.10
    cpe:2.3:a:php:php:0.10
  • PHP 0.90
    cpe:2.3:a:php:php:0.90
  • PHP PHP_FI 1.0
    cpe:2.3:a:php:php:1.0
  • PHP 1.0.2
    cpe:2.3:a:php:php:1.0.2
  • PHP 1.0.4
    cpe:2.3:a:php:php:1.0.4
  • PHP 1.1.0
    cpe:2.3:a:php:php:1.1.0
  • PHP 1.2.0
    cpe:2.3:a:php:php:1.2.0
  • PHP 1.2.2
    cpe:2.3:a:php:php:1.2.2
  • PHP 1.2.4
    cpe:2.3:a:php:php:1.2.4
  • PHP 1.3.1
    cpe:2.3:a:php:php:1.3.1
  • PHP 1.4
    cpe:2.3:a:php:php:1.4
  • PHP PHP_FI 2.0
    cpe:2.3:a:php:php:2.0
  • PHP 2.0.0
    cpe:2.3:a:php:php:2.0.0
  • PHP 2.0.2
    cpe:2.3:a:php:php:2.0.2
  • PHP PHP_FI 2.0b10
    cpe:2.3:a:php:php:2.0b10
  • PHP PHP 3.0
    cpe:2.3:a:php:php:3.0
  • PHP PHP 3.0.1
    cpe:2.3:a:php:php:3.0.1
  • PHP PHP 3.0.2
    cpe:2.3:a:php:php:3.0.2
  • PHP PHP 3.0.3
    cpe:2.3:a:php:php:3.0.3
  • PHP PHP 3.0.4
    cpe:2.3:a:php:php:3.0.4
  • PHP PHP 3.0.5
    cpe:2.3:a:php:php:3.0.5
  • PHP PHP 3.0.6
    cpe:2.3:a:php:php:3.0.6
  • PHP PHP 3.0.7
    cpe:2.3:a:php:php:3.0.7
  • PHP PHP 3.0.8
    cpe:2.3:a:php:php:3.0.8
  • PHP PHP 3.0.9
    cpe:2.3:a:php:php:3.0.9
  • PHP PHP 3.0.10
    cpe:2.3:a:php:php:3.0.10
  • PHP PHP 3.0.11
    cpe:2.3:a:php:php:3.0.11
  • PHP PHP 3.0.12
    cpe:2.3:a:php:php:3.0.12
  • PHP PHP 3.0.13
    cpe:2.3:a:php:php:3.0.13
  • PHP PHP 3.0.14
    cpe:2.3:a:php:php:3.0.14
  • PHP PHP 3.0.15
    cpe:2.3:a:php:php:3.0.15
  • PHP PHP 3.0.16
    cpe:2.3:a:php:php:3.0.16
  • PHP PHP 3.0.17
    cpe:2.3:a:php:php:3.0.17
  • PHP PHP 3.0.18
    cpe:2.3:a:php:php:3.0.18
  • PHP 4.0.0
    cpe:2.3:a:php:php:4.0
  • PHP PHP 4.0 Beta 1
    cpe:2.3:a:php:php:4.0:beta1
  • PHP PHP 4.0 Beta 2
    cpe:2.3:a:php:php:4.0:beta2
  • PHP PHP 4.0 Beta 3
    cpe:2.3:a:php:php:4.0:beta3
  • PHP PHP 4.0 Beta 4
    cpe:2.3:a:php:php:4.0:beta4
  • PHP PHP 4.0 Beta 4 Patch Level 1
    cpe:2.3:a:php:php:4.0:beta_4_patch1
  • PHP PHP 4.0.0
    cpe:2.3:a:php:php:4.0.0
  • PHP PHP 4.0.1
    cpe:2.3:a:php:php:4.0.1
  • PHP PHP 4.0.2
    cpe:2.3:a:php:php:4.0.2
  • PHP PHP 4.0.3
    cpe:2.3:a:php:php:4.0.3
  • PHP PHP 4.0.4
    cpe:2.3:a:php:php:4.0.4
  • PHP PHP 4.0.5
    cpe:2.3:a:php:php:4.0.5
  • PHP PHP 4.0.6
    cpe:2.3:a:php:php:4.0.6
  • PHP PHP 4.0.7
    cpe:2.3:a:php:php:4.0.7
  • PHP PHP 4.1.0
    cpe:2.3:a:php:php:4.1.0
  • PHP PHP 4.1.1
    cpe:2.3:a:php:php:4.1.1
  • PHP PHP 4.1.2
    cpe:2.3:a:php:php:4.1.2
  • PHP 4.1.0
    cpe:2.3:a:php:php:4.1.3
  • PHP 4.2.0
    cpe:2.3:a:php:php:4.2
  • PHP PHP 4.2.0
    cpe:2.3:a:php:php:4.2.0
  • PHP PHP 4.2.1
    cpe:2.3:a:php:php:4.2.1
  • PHP PHP 4.2.2
    cpe:2.3:a:php:php:4.2.2
  • PHP PHP 4.2.3
    cpe:2.3:a:php:php:4.2.3
  • PHP 4.2.0
    cpe:2.3:a:php:php:4.2.4
  • PHP 4.3.0
    cpe:2.3:a:php:php:4.3
  • PHP PHP 4.3.0
    cpe:2.3:a:php:php:4.3.0
  • PHP PHP 4.3.1
    cpe:2.3:a:php:php:4.3.1
  • PHP PHP 4.3.2
    cpe:2.3:a:php:php:4.3.2
  • PHP PHP 4.3.3
    cpe:2.3:a:php:php:4.3.3
  • PHP PHP 4.3.4
    cpe:2.3:a:php:php:4.3.4
  • PHP PHP 4.3.5
    cpe:2.3:a:php:php:4.3.5
  • PHP PHP 4.3.6
    cpe:2.3:a:php:php:4.3.6
  • PHP PHP 4.3.7
    cpe:2.3:a:php:php:4.3.7
  • PHP PHP 4.3.8
    cpe:2.3:a:php:php:4.3.8
  • PHP PHP 4.3.9
    cpe:2.3:a:php:php:4.3.9
  • PHP PHP 4.3.10
    cpe:2.3:a:php:php:4.3.10
  • PHP PHP 4.3.11
    cpe:2.3:a:php:php:4.3.11
  • PHP PHP 4.4.0
    cpe:2.3:a:php:php:4.4.0
  • PHP PHP 4.4.1
    cpe:2.3:a:php:php:4.4.1
  • PHP PHP 4.4.2
    cpe:2.3:a:php:php:4.4.2
  • PHP PHP 4.4.3
    cpe:2.3:a:php:php:4.4.3
  • PHP PHP 4.4.4
    cpe:2.3:a:php:php:4.4.4
  • PHP PHP 4.4.5
    cpe:2.3:a:php:php:4.4.5
  • PHP PHP 4.4.6
    cpe:2.3:a:php:php:4.4.6
  • PHP PHP 4.4.7
    cpe:2.3:a:php:php:4.4.7
  • PHP 4.4.8
    cpe:2.3:a:php:php:4.4.8
  • PHP 4.4.9
    cpe:2.3:a:php:php:4.4.9
  • PHP PHP 5.0.0
    cpe:2.3:a:php:php:5.0.0
  • PHP PHP 5.0.0 Beta1
    cpe:2.3:a:php:php:5.0.0:beta1
  • PHP PHP 5.0.0 Beta2
    cpe:2.3:a:php:php:5.0.0:beta2
  • PHP PHP 5.0.0 Beta3
    cpe:2.3:a:php:php:5.0.0:beta3
  • PHP PHP 5.0.0 Beta4
    cpe:2.3:a:php:php:5.0.0:beta4
  • PHP PHP 5.0.0 RC1
    cpe:2.3:a:php:php:5.0.0:rc1
  • PHP PHP 5.0.0 RC2
    cpe:2.3:a:php:php:5.0.0:rc2
  • PHP PHP 5.0.0 RC3
    cpe:2.3:a:php:php:5.0.0:rc3
  • PHP PHP 5.0.1
    cpe:2.3:a:php:php:5.0.1
  • PHP PHP 5.0.2
    cpe:2.3:a:php:php:5.0.2
  • PHP PHP 5.0.3
    cpe:2.3:a:php:php:5.0.3
  • PHP PHP 5.0.4
    cpe:2.3:a:php:php:5.0.4
  • PHP PHP 5.0.5
    cpe:2.3:a:php:php:5.0.5
  • PHP 5.1.0
    cpe:2.3:a:php:php:5.1
  • PHP PHP 5.1.0
    cpe:2.3:a:php:php:5.1.0
  • PHP PHP 5.1.1
    cpe:2.3:a:php:php:5.1.1
  • PHP PHP 5.1.2
    cpe:2.3:a:php:php:5.1.2
  • PHP PHP 5.1.3
    cpe:2.3:a:php:php:5.1.3
  • PHP 5.1.4
    cpe:2.3:a:php:php:5.1.4
  • PHP PHP 5.1.5
    cpe:2.3:a:php:php:5.1.5
  • PHP PHP 5.1.6
    cpe:2.3:a:php:php:5.1.6
  • PHP 5.2.0
    cpe:2.3:a:php:php:5.2.0
  • PHP 5.2.1
    cpe:2.3:a:php:php:5.2.1
  • PHP 5.2.2
    cpe:2.3:a:php:php:5.2.2
  • PHP 5.2.3
    cpe:2.3:a:php:php:5.2.3
  • PHP 5.2.4
    cpe:2.3:a:php:php:5.2.4
  • PHP 5.2.5
    cpe:2.3:a:php:php:5.2.5
  • PHP 5.2.6
    cpe:2.3:a:php:php:5.2.6
  • PHP 5.2.7
    cpe:2.3:a:php:php:5.2.7
  • PHP 5.2.8
    cpe:2.3:a:php:php:5.2.8
  • PHP 5.2.9
    cpe:2.3:a:php:php:5.2.9
  • PHP 5.2.10
    cpe:2.3:a:php:php:5.2.10
  • PHP 5.2.11
    cpe:2.3:a:php:php:5.2.11
  • PHP 5.2.12
    cpe:2.3:a:php:php:5.2.12
  • PHP 5.2.13
    cpe:2.3:a:php:php:5.2.13
  • PHP 5.2.14
    cpe:2.3:a:php:php:5.2.14
  • PHP 5.2.15
    cpe:2.3:a:php:php:5.2.15
  • PHP 5.2.16
    cpe:2.3:a:php:php:5.2.16
  • PHP 5.2.17
    cpe:2.3:a:php:php:5.2.17
  • PHP 5.3.0
    cpe:2.3:a:php:php:5.3.0
  • PHP 5.3.1
    cpe:2.3:a:php:php:5.3.1
  • PHP 5.3.2
    cpe:2.3:a:php:php:5.3.2
  • PHP 5.3.3
    cpe:2.3:a:php:php:5.3.3
  • PHP 5.3.4
    cpe:2.3:a:php:php:5.3.4
  • PHP 5.3.5
    cpe:2.3:a:php:php:5.3.5
  • PHP 5.3.6
    cpe:2.3:a:php:php:5.3.6
  • PHP 5.3.7
    cpe:2.3:a:php:php:5.3.7
  • PHP 5.3.8
    cpe:2.3:a:php:php:5.3.8
  • PHP 5.3.9
    cpe:2.3:a:php:php:5.3.9
  • PHP 5.3.10
    cpe:2.3:a:php:php:5.3.10
  • PHP 5.3.11
    cpe:2.3:a:php:php:5.3.11
  • PHP 5.3.12
    cpe:2.3:a:php:php:5.3.12
  • PHP 5.3.13
    cpe:2.3:a:php:php:5.3.13
  • PHP 5.3.14
    cpe:2.3:a:php:php:5.3.14
  • PHP 5.3.15
    cpe:2.3:a:php:php:5.3.15
  • PHP 5.3.16
    cpe:2.3:a:php:php:5.3.16
  • PHP 5.3.17
    cpe:2.3:a:php:php:5.3.17
  • PHP 5.3.18
    cpe:2.3:a:php:php:5.3.18
  • PHP 5.3.19
    cpe:2.3:a:php:php:5.3.19
  • PHP 5.3.20
    cpe:2.3:a:php:php:5.3.20
  • PHP 5.3.21
    cpe:2.3:a:php:php:5.3.21
  • PHP 5.3.22
    cpe:2.3:a:php:php:5.3.22
  • PHP 5.3.23
    cpe:2.3:a:php:php:5.3.23
  • PHP 5.3.24
    cpe:2.3:a:php:php:5.3.24
  • PHP 5.3.25
    cpe:2.3:a:php:php:5.3.25
  • PHP 5.3.26
    cpe:2.3:a:php:php:5.3.26
  • PHP 5.3.27
    cpe:2.3:a:php:php:5.3.27
  • PHP 5.3.28
    cpe:2.3:a:php:php:5.3.28
  • PHP 5.3.29
    cpe:2.3:a:php:php:5.3.29
  • PHP 5.4.0
    cpe:2.3:a:php:php:5.4.0
  • PHP 5.4.1
    cpe:2.3:a:php:php:5.4.1
  • PHP 5.4.2
    cpe:2.3:a:php:php:5.4.2
  • PHP 5.4.3
    cpe:2.3:a:php:php:5.4.3
  • PHP 5.4.4
    cpe:2.3:a:php:php:5.4.4
  • PHP 5.4.5
    cpe:2.3:a:php:php:5.4.5
  • PHP 5.4.6
    cpe:2.3:a:php:php:5.4.6
  • PHP 5.4.7
    cpe:2.3:a:php:php:5.4.7
  • PHP 5.4.8
    cpe:2.3:a:php:php:5.4.8
  • PHP 5.4.9
    cpe:2.3:a:php:php:5.4.9
  • PHP 5.4.10
    cpe:2.3:a:php:php:5.4.10
  • PHP 5.4.11
    cpe:2.3:a:php:php:5.4.11
  • PHP 5.4.12
    cpe:2.3:a:php:php:5.4.12
  • PHP 5.4.12 release candidate 1
    cpe:2.3:a:php:php:5.4.12:rc1
  • PHP 5.4.12 release candidate 2
    cpe:2.3:a:php:php:5.4.12:rc2
  • PHP 5.4.13
    cpe:2.3:a:php:php:5.4.13
  • PHP 5.4.13 release candidate 1
    cpe:2.3:a:php:php:5.4.13:rc1
  • PHP 5.4.14
    cpe:2.3:a:php:php:5.4.14
  • PHP 5.4.14 release candidate 1
    cpe:2.3:a:php:php:5.4.14:rc1
  • PHP 5.4.15
    cpe:2.3:a:php:php:5.4.15
  • PHP 5.4.15 release candidate 1
    cpe:2.3:a:php:php:5.4.15:rc1
  • PHP 5.4.16
    cpe:2.3:a:php:php:5.4.16
  • PHP 5.4.16 release candidate 1
    cpe:2.3:a:php:php:5.4.16:rc1
  • PHP 5.4.17
    cpe:2.3:a:php:php:5.4.17
  • PHP 5.4.18
    cpe:2.3:a:php:php:5.4.18
  • PHP 5.4.19
    cpe:2.3:a:php:php:5.4.19
  • PHP 5.4.20
    cpe:2.3:a:php:php:5.4.20
  • PHP 5.4.21
    cpe:2.3:a:php:php:5.4.21
  • PHP 5.4.22
    cpe:2.3:a:php:php:5.4.22
  • PHP 5.4.23
    cpe:2.3:a:php:php:5.4.23
  • PHP 5.4.24
    cpe:2.3:a:php:php:5.4.24
  • PHP 5.4.25
    cpe:2.3:a:php:php:5.4.25
  • PHP 5.4.26
    cpe:2.3:a:php:php:5.4.26
  • PHP 5.4.27
    cpe:2.3:a:php:php:5.4.27
  • PHP 5.4.28
    cpe:2.3:a:php:php:5.4.28
  • PHP 5.4.29
    cpe:2.3:a:php:php:5.4.29
  • PHP 5.4.30
    cpe:2.3:a:php:php:5.4.30
  • PHP 5.4.31
    cpe:2.3:a:php:php:5.4.31
  • PHP 5.4.32
    cpe:2.3:a:php:php:5.4.32
  • PHP 5.4.33
    cpe:2.3:a:php:php:5.4.33
  • PHP PHP 5.4.34
    cpe:2.3:a:php:php:5.4.34
  • PHP 5.4.35
    cpe:2.3:a:php:php:5.4.35
  • PHP 5.4.36
    cpe:2.3:a:php:php:5.4.36
  • PHP 5.4.37
    cpe:2.3:a:php:php:5.4.37
  • PHP 5.4.38
    cpe:2.3:a:php:php:5.4.38
  • PHP 5.4.39
    cpe:2.3:a:php:php:5.4.39
  • PHP 5.4.40
    cpe:2.3:a:php:php:5.4.40
  • PHP 5.4.41
    cpe:2.3:a:php:php:5.4.41
  • PHP 5.4.42
    cpe:2.3:a:php:php:5.4.42
  • PHP 5.4.43
    cpe:2.3:a:php:php:5.4.43
  • PHP 5.4.44
    cpe:2.3:a:php:php:5.4.44
  • PHP 5.4.45
    cpe:2.3:a:php:php:5.4.45
  • PHP 5.5.0
    cpe:2.3:a:php:php:5.5.0
  • PHP 5.5.0 alpha1
    cpe:2.3:a:php:php:5.5.0:alpha1
  • PHP 5.5.0 alpha2
    cpe:2.3:a:php:php:5.5.0:alpha2
  • PHP 5.5.0 alpha3
    cpe:2.3:a:php:php:5.5.0:alpha3
  • PHP 5.5.0 alpha4
    cpe:2.3:a:php:php:5.5.0:alpha4
  • PHP 5.5.0 alpha5
    cpe:2.3:a:php:php:5.5.0:alpha5
  • PHP 5.5.0 alpha6
    cpe:2.3:a:php:php:5.5.0:alpha6
  • PHP 5.5.0 beta1
    cpe:2.3:a:php:php:5.5.0:beta1
  • PHP 5.5.0 beta2
    cpe:2.3:a:php:php:5.5.0:beta2
  • PHP 5.5.0 beta3
    cpe:2.3:a:php:php:5.5.0:beta3
  • PHP 5.5.0 beta4
    cpe:2.3:a:php:php:5.5.0:beta4
  • PHP 5.5.0 release candidate 1
    cpe:2.3:a:php:php:5.5.0:rc1
  • PHP 5.5.0 release candidate 2
    cpe:2.3:a:php:php:5.5.0:rc2
  • PHP 5.5.1
    cpe:2.3:a:php:php:5.5.1
  • PHP 5.5.2
    cpe:2.3:a:php:php:5.5.2
  • PHP 5.5.3
    cpe:2.3:a:php:php:5.5.3
  • PHP 5.5.4
    cpe:2.3:a:php:php:5.5.4
  • PHP 5.5.5
    cpe:2.3:a:php:php:5.5.5
  • PHP 5.5.6
    cpe:2.3:a:php:php:5.5.6
  • PHP 5.5.7
    cpe:2.3:a:php:php:5.5.7
  • PHP 5.5.8
    cpe:2.3:a:php:php:5.5.8
  • PHP 5.5.9
    cpe:2.3:a:php:php:5.5.9
  • PHP 5.5.10
    cpe:2.3:a:php:php:5.5.10
  • PHP 5.5.11
    cpe:2.3:a:php:php:5.5.11
  • PHP 5.5.12
    cpe:2.3:a:php:php:5.5.12
  • PHP 5.5.13
    cpe:2.3:a:php:php:5.5.13
  • PHP 5.5.14
    cpe:2.3:a:php:php:5.5.14
  • PHP 5.5.15
    cpe:2.3:a:php:php:5.5.15
  • PHP 5.5.16
    cpe:2.3:a:php:php:5.5.16
  • PHP 5.5.17
    cpe:2.3:a:php:php:5.5.17
  • PHP 5.5.18
    cpe:2.3:a:php:php:5.5.18
  • PHP 5.5.19
    cpe:2.3:a:php:php:5.5.19
  • PHP 5.5.20
    cpe:2.3:a:php:php:5.5.20
  • PHP 5.5.21
    cpe:2.3:a:php:php:5.5.21
  • PHP 5.5.22
    cpe:2.3:a:php:php:5.5.22
  • PHP 5.5.23
    cpe:2.3:a:php:php:5.5.23
  • PHP 5.5.24
    cpe:2.3:a:php:php:5.5.24
  • PHP 5.5.25
    cpe:2.3:a:php:php:5.5.25
  • PHP 5.5.26
    cpe:2.3:a:php:php:5.5.26
  • PHP 5.5.27
    cpe:2.3:a:php:php:5.5.27
  • PHP 5.5.28
    cpe:2.3:a:php:php:5.5.28
  • PHP PHP 5.5.29
    cpe:2.3:a:php:php:5.5.29
  • PHP 5.5.30
    cpe:2.3:a:php:php:5.5.30
  • PHP 5.5.31
    cpe:2.3:a:php:php:5.5.31
  • PHP 5.5.32
    cpe:2.3:a:php:php:5.5.32
  • PHP 5.5.33
    cpe:2.3:a:php:php:5.5.33
  • PHP 5.5.34
    cpe:2.3:a:php:php:5.5.34
  • PHP 5.5.35
    cpe:2.3:a:php:php:5.5.35
  • PHP 5.5.36
    cpe:2.3:a:php:php:5.5.36
  • PHP 5.5.37
    cpe:2.3:a:php:php:5.5.37
  • PHP 5.5.38
    cpe:2.3:a:php:php:5.5.38
  • PHP 5.6.0
    cpe:2.3:a:php:php:5.6.0
  • PHP 5.6.0 alpha1
    cpe:2.3:a:php:php:5.6.0:alpha1
  • PHP 5.6.0 alpha2
    cpe:2.3:a:php:php:5.6.0:alpha2
  • PHP 5.6.0 alpha3
    cpe:2.3:a:php:php:5.6.0:alpha3
  • PHP 5.6.0 alpha4
    cpe:2.3:a:php:php:5.6.0:alpha4
  • PHP 5.6.0 alpha5
    cpe:2.3:a:php:php:5.6.0:alpha5
  • PHP 5.6.0 beta1
    cpe:2.3:a:php:php:5.6.0:beta1
  • PHP 5.6.0 beta2
    cpe:2.3:a:php:php:5.6.0:beta2
  • PHP 5.6.0 beta3
    cpe:2.3:a:php:php:5.6.0:beta3
  • PHP 5.6.0 beta4
    cpe:2.3:a:php:php:5.6.0:beta4
  • PHP PHP 5.6.1
    cpe:2.3:a:php:php:5.6.1
  • PHP 5.6.2
    cpe:2.3:a:php:php:5.6.2
  • PHP 5.6.3
    cpe:2.3:a:php:php:5.6.3
  • PHP 5.6.4
    cpe:2.3:a:php:php:5.6.4
  • PHP 5.6.5
    cpe:2.3:a:php:php:5.6.5
  • PHP 5.6.6
    cpe:2.3:a:php:php:5.6.6
  • PHP 5.6.7
    cpe:2.3:a:php:php:5.6.7
  • PHP PHP 5.6.8
    cpe:2.3:a:php:php:5.6.8
  • PHP PHP 5.6.9
    cpe:2.3:a:php:php:5.6.9
  • PHP PHP 5.6.10
    cpe:2.3:a:php:php:5.6.10
  • PHP PHP 5.6.11
    cpe:2.3:a:php:php:5.6.11
  • PHP PHP 5.6.12
    cpe:2.3:a:php:php:5.6.12
  • PHP PHP 5.6.13
    cpe:2.3:a:php:php:5.6.13
  • PHP 5.6.14
    cpe:2.3:a:php:php:5.6.14
  • PHP 5.6.15
    cpe:2.3:a:php:php:5.6.15
  • PHP 5.6.16
    cpe:2.3:a:php:php:5.6.16
  • PHP 5.6.17
    cpe:2.3:a:php:php:5.6.17
  • PHP 5.6.18
    cpe:2.3:a:php:php:5.6.18
  • PHP 5.6.19
    cpe:2.3:a:php:php:5.6.19
  • PHP 5.6.20
    cpe:2.3:a:php:php:5.6.20
  • PHP 5.6.21
    cpe:2.3:a:php:php:5.6.21
  • PHP 5.6.22
    cpe:2.3:a:php:php:5.6.22
  • PHP 5.6.23
    cpe:2.3:a:php:php:5.6.23
  • PHP 5.6.24
    cpe:2.3:a:php:php:5.6.24
  • PHP 5.6.25
    cpe:2.3:a:php:php:5.6.25
  • PHP 5.6.26
    cpe:2.3:a:php:php:5.6.26
  • PHP 5.6.27
    cpe:2.3:a:php:php:5.6.27
  • PHP 5.6.28
    cpe:2.3:a:php:php:5.6.28
  • PHP 5.6.29
    cpe:2.3:a:php:php:5.6.29
  • PHP 5.6.30
    cpe:2.3:a:php:php:5.6.30
  • PHP 5.6.31
    cpe:2.3:a:php:php:5.6.31
  • PHP 7.0.0
    cpe:2.3:a:php:php:7.0.0
  • PHP 7.0.1
    cpe:2.3:a:php:php:7.0.1
  • PHP 7.0.2
    cpe:2.3:a:php:php:7.0.2
  • PHP 7.0.3
    cpe:2.3:a:php:php:7.0.3
  • PHP 7.0.4
    cpe:2.3:a:php:php:7.0.4
  • PHP 7.0.5
    cpe:2.3:a:php:php:7.0.5
  • PHP 7.0.6
    cpe:2.3:a:php:php:7.0.6
  • PHP 7.0.7
    cpe:2.3:a:php:php:7.0.7
  • PHP 7.0.8
    cpe:2.3:a:php:php:7.0.8
  • PHP 7.0.9
    cpe:2.3:a:php:php:7.0.9
  • PHP 7.0.10
    cpe:2.3:a:php:php:7.0.10
  • PHP 7.0.11
    cpe:2.3:a:php:php:7.0.11
  • PHP 7.0.12
    cpe:2.3:a:php:php:7.0.12
  • PHP 7.0.13
    cpe:2.3:a:php:php:7.0.13
  • PHP 7.0.14
    cpe:2.3:a:php:php:7.0.14
  • PHP 7.0.15
    cpe:2.3:a:php:php:7.0.15
  • PHP 7.0.16
    cpe:2.3:a:php:php:7.0.16
  • PHP 7.0.17
    cpe:2.3:a:php:php:7.0.17
  • PHP 7.0.18
    cpe:2.3:a:php:php:7.0.18
  • PHP 7.0.19
    cpe:2.3:a:php:php:7.0.19
  • PHP 7.0.20
    cpe:2.3:a:php:php:7.0.20
  • PHP 7.0.21
    cpe:2.3:a:php:php:7.0.21
  • PHP 7.0.22
    cpe:2.3:a:php:php:7.0.22
  • PHP 7.0.23
    cpe:2.3:a:php:php:7.0.23
  • PHP 7.0.24
    cpe:2.3:a:php:php:7.0.24
  • PHP 7.1.0
    cpe:2.3:a:php:php:7.1.0
  • PHP 7.1.1
    cpe:2.3:a:php:php:7.1.1
  • PHP 7.1.2
    cpe:2.3:a:php:php:7.1.2
  • PHP 7.1.3
    cpe:2.3:a:php:php:7.1.3
  • PHP 7.1.4
    cpe:2.3:a:php:php:7.1.4
  • PHP 7.1.5
    cpe:2.3:a:php:php:7.1.5
  • PHP 7.1.6
    cpe:2.3:a:php:php:7.1.6
  • PHP 7.1.7
    cpe:2.3:a:php:php:7.1.7
  • PHP 7.1.8
    cpe:2.3:a:php:php:7.1.8
  • PHP 7.1.9
    cpe:2.3:a:php:php:7.1.9
  • PHP 7.1.10
    cpe:2.3:a:php:php:7.1.10
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
exploit-db via4
file exploits/multiple/dos/43133.php
id EDB-ID:43133
last seen 2018-11-30
modified 2017-11-09
platform multiple
port
published 2017-11-09
reporter Exploit-DB
source https://www.exploit-db.com/download/43133
title PHP 7.1.8 - Heap Buffer Overflow
type dos
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-3277-1.NASL
    description This update for php5 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120010
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120010
    title SUSE SLES12 Security Update : php5 (SUSE-SU-2017:3277-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4081.NASL
    description Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language : - CVE-2017-11142 Denial of service via overly long form variables - CVE-2017-11143 Invalid free() in wddx_deserialize() - CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function. - CVE-2017-11145 Out-of-bounds read in wddx_deserialize() - CVE-2017-11628 Buffer overflow in PHP INI parsing API - CVE-2017-12933 Buffer overread in finish_nested_data() - CVE-2017-16642 Out-of-bounds read in timelib_meridian()
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 105664
    published 2018-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105664
    title Debian DSA-4081-1 : php5 - security update
  • NASL family CGI abuses
    NASL id PHP_7_1_11.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.11. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 104633
    published 2017-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104633
    title PHP 7.1.x < 7.1.11 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1353.NASL
    description This update for php7 fixes the following issues : Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). Bugs fixed : - Fix wrong reference when serialize/unserialize an object (bsc#1063815). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 105238
    published 2017-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105238
    title openSUSE Security Update : php7 (openSUSE-2017-1353)
  • NASL family CGI abuses
    NASL id PHP_5_6_32.NASL
    description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 104631
    published 2017-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104631
    title PHP 5.6.x < 5.6.32 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-3237-1.NASL
    description This update for php7 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). Bugs fixed : - Fix wrong reference when serialize/unserialize an object (bsc#1063815). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120009
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120009
    title SUSE SLES12 Security Update : php7 (SUSE-SU-2017:3237-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3566-1.NASL
    description It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2018-5712) It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12933) It was discovered that PHP incorrectly handled 'front of' and 'back of' date directives. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-16642). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106792
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106792
    title Ubuntu 14.04 LTS : php5 vulnerabilities (USN-3566-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0003-1.NASL
    description This update for php53 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 105513
    published 2018-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105513
    title SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0003-1)
  • NASL family CGI abuses
    NASL id PHP_7_0_25.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.25. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 104632
    published 2017-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104632
    title PHP 7.0.x < 7.0.25 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4080.NASL
    description Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language : - CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function - CVE-2017-11145 Out-of-bounds read in wddx_deserialize() - CVE-2017-11628 Buffer overflow in PHP INI parsing API - CVE-2017-12932 / CVE-2017-12934 Use-after-frees during unserialisation - CVE-2017-12933 Buffer overread in finish_nested_data() - CVE-2017-16642 Out-of-bounds read in timelib_meridian()
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 105663
    published 2018-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105663
    title Debian DSA-4080-1 : php7.0 - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1371.NASL
    description This update for php5 fixes the following issues : Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 105266
    published 2017-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105266
    title openSUSE Security Update : php5 (openSUSE-2017-1371)
redhat via4
advisories
rhsa
id RHSA-2018:1296
refmap via4
bid 101745
confirm
debian
  • DSA-4080
  • DSA-4081
exploit-db 43133
ubuntu USN-3566-1
Last major update 07-11-2017 - 16:29
Published 07-11-2017 - 16:29
Last modified 24-11-2018 - 06:29
Back to Top