7.5

CVE-2017-11145

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.6.30
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.6
PhpPhp Version7.0.7
PhpPhp Version7.0.8
PhpPhp Version7.0.9
PhpPhp Version7.0.10
PhpPhp Version7.0.11
PhpPhp Version7.0.12
PhpPhp Version7.0.13
PhpPhp Version7.0.14
PhpPhp Version7.0.15
PhpPhp Version7.0.16
PhpPhp Version7.0.17
PhpPhp Version7.0.18
PhpPhp Version7.0.19
PhpPhp Version7.0.20
PhpPhp Version7.1.0
PhpPhp Version7.1.1
PhpPhp Version7.1.2
PhpPhp Version7.1.3
PhpPhp Version7.1.4
PhpPhp Version7.1.5
PhpPhp Version7.1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.81% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://php.net/ChangeLog-5.php
Vendor Advisory
Release Notes
http://php.net/ChangeLog-7.php
Vendor Advisory
Release Notes
https://access.redhat.com/errata/RHSA-2018:1296
https://security.netapp.com/advisory/ntap-20180112-0001/
http://openwall.com/lists/oss-security/2017/07/10/6
Third Party Advisory
Mailing List
https://www.debian.org/security/2018/dsa-4081
https://www.tenable.com/security/tns-2017-12
https://www.debian.org/security/2018/dsa-4080
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e8b7698f5ee757ce2c8bd10a192a491a498f891c
http://www.securityfocus.com/bid/99550
https://bugs.php.net/bug.php?id=74819
Third Party Advisory
https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75
Patch
Third Party Advisory