Home CVE Database CVE-2017-11147

CVE-2017-11147

Description

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

Priority: MEDIUM
CVSS v3: 9.1
Publish Date: Jul 10, 2017
Related ID: --
CVSS v2: Critical
Modified Date: Jul 10, 2017

Find out more about CVE-2017-11147 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

php

Live chat
Online