CVE-2017-11147

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
phpphp
𝑥
< 5.6.30
phpphp
7.0.0 ≤
𝑥
< 7.0.15
phpphp
7.1.0 ≤
𝑥
< 7.1.1
netappclustered_data_ontap
-
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
Fixed 5.5.9+dfsg-1ubuntu4.22
released
php7.0
artful
dne
zesty
not-affected
yakkety
ignored
xenial
not-affected
trusty
dne
php7.1
artful
not-affected
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5246580a85f031e1a3b8064edbaa55c1643a451
http://openwall.com/lists/oss-security/2017/07/10/6
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/99607
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=73773
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.tenable.com/security/tns-2017-12
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5246580a85f031e1a3b8064edbaa55c1643a451
http://openwall.com/lists/oss-security/2017/07/10/6
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/99607
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=73773
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.tenable.com/security/tns-2017-12