CVE-2017-11147
N/A
N/A
Summary
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://openwall.com/lists/oss-security/2017/07/10/6
- https://www.tenable.com/security/tns-2017-12
- https://access.redhat.com/errata/RHSA-2018:1296
- http://php.net/ChangeLog-5.php
- https://security.netapp.com/advisory/ntap-20180112-0001/
- http://php.net/ChangeLog-7.php
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5246580a85f031e1a3b8064edbaa55c1643a451
- http://www.securityfocus.com/bid/99607
- https://bugs.php.net/bug.php?id=73773
References
- http://openwall.com/lists/oss-security/2017/07/10/6
- https://www.tenable.com/security/tns-2017-12
- https://access.redhat.com/errata/RHSA-2018:1296
- http://php.net/ChangeLog-5.php
- https://security.netapp.com/advisory/ntap-20180112-0001/
- http://php.net/ChangeLog-7.php
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5246580a85f031e1a3b8064edbaa55c1643a451
- http://www.securityfocus.com/bid/99607
- https://bugs.php.net/bug.php?id=73773
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.