In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
References
Link | Resource |
---|---|
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5246580a85f031e1a3b8064edbaa55c1643a451 | |
http://openwall.com/lists/oss-security/2017/07/10/6 | Mailing List Patch Third Party Advisory |
http://php.net/ChangeLog-5.php | Release Notes Vendor Advisory |
http://php.net/ChangeLog-7.php | Release Notes Vendor Advisory |
http://www.securityfocus.com/bid/99607 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2018:1296 | Third Party Advisory |
https://bugs.php.net/bug.php?id=73773 | Exploit Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20180112-0001/ | Third Party Advisory |
https://www.tenable.com/security/tns-2017-12 | Third Party Advisory |
Configurations
History
07 Nov 2023, 02:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
20 Jul 2022, 17:56
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp
Netapp clustered Data Ontap |
|
References | (CONFIRM) https://www.tenable.com/security/tns-2017-12 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/99607 - Third Party Advisory, VDB Entry | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:1296 - Third Party Advisory | |
References | (CONFIRM) http://openwall.com/lists/oss-security/2017/07/10/6 - Mailing List, Patch, Third Party Advisory | |
References | (CONFIRM) http://git.php.net/?p=php-src.git;a=commit;h=e5246580a85f031e1a3b8064edbaa55c1643a451 - Broken Link, Mailing List, Vendor Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=73773 - Exploit, Issue Tracking, Vendor Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20180112-0001/ - Third Party Advisory | |
CPE | cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:* |
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* |
Information
Published : 2017-07-10 14:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-11147
Mitre link : CVE-2017-11147
CVE.ORG link : CVE-2017-11147
JSON object : View
Products Affected
netapp
- clustered_data_ontap
php
- php
CWE
CWE-125
Out-of-bounds Read