ID CVE-2017-6441
Summary ** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only."
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-04-2017 - 16:12)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
non_vulnerable_configuration via4
    refmap via4
    misc
    vulnerable_product via4 cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*
    Last major update 10-04-2017 - 16:12
    Published 03-04-2017 - 05:59
    Back to Top