7.5

CVE-2017-11144

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Data is provided by the National Vulnerability Database (NVD)
PhpPhp Version <= 5.6.30
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.6
PhpPhp Version7.0.7
PhpPhp Version7.0.8
PhpPhp Version7.0.9
PhpPhp Version7.0.10
PhpPhp Version7.0.11
PhpPhp Version7.0.12
PhpPhp Version7.0.13
PhpPhp Version7.0.14
PhpPhp Version7.0.15
PhpPhp Version7.0.16
PhpPhp Version7.0.17
PhpPhp Version7.0.18
PhpPhp Version7.0.19
PhpPhp Version7.0.20
PhpPhp Version7.1.0
PhpPhp Version7.1.1
PhpPhp Version7.1.2
PhpPhp Version7.1.3
PhpPhp Version7.1.4
PhpPhp Version7.1.5
PhpPhp Version7.1.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 41.63% 0.973
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

http://php.net/ChangeLog-5.php
Vendor Advisory
Release Notes
http://php.net/ChangeLog-7.php
Vendor Advisory
Release Notes