Home CVE Database CVE-2017-11147



In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

Priority: MEDIUM
CVSS v3: 9.1
Publish Date: Jul 10, 2017
Related ID: --
CVSS v2: Critical
Modified Date: Jul 10, 2017

Find out more about CVE-2017-11147 from the MITRE-CVE dictionary and NIST NVD

Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --



Live chat