Home CVE Database CVE-2017-11145

CVE-2017-11145

Description

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension\'s timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Jul 10, 2017
Related ID: --
CVSS v2: High
Modified Date: Jul 10, 2017

Find out more about CVE-2017-11145 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Not Vulnerable -- -- --
Wind River Linux 9 Fixed LIN9-4647
9.0.0.10 Wind River Linux 9.0.0.10
Wind River Linux 9.0.0.11
Wind River Linux 9.0.0.12
Wind River Linux 9.0.0.13
Wind River Linux 9.0.0.14
Wind River Linux 9.0.0.15
Wind River Linux 9.0.0.16
Wind River Linux 9.0.0.17
Wind River Linux 9.0.0.18
Wind River Linux 9.0.0.19
Wind River Linux 9.0.0.20
Wind River Linux 9.0.0.21
Wind River Linux 9.0.0.22
Wind River Linux 9.0.0.23
Wind River Linux 9.0.0.24
Wind River Linux 9.0.0.25
Wind River Linux 8 Vulnerable LIN8-7088
-- --
Wind River Linux LTS 18 Not Vulnerable -- -- --
Wind River Linux LTS 19 Not Vulnerable -- -- --
Wind River Linux CD release Not Vulnerable -- -- --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

php

Live chat
Online