vulnerability

F5 Networks: K75543432 (CVE-2017-11628): PHP vulnerability CVE-2017-11628

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	2017-07-25	2017-11-06	2018-06-07

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

2017-07-25

Added

2017-11-06

Modified

2018-06-07

Description

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.

Solution

f5-big-ip-upgrade-latest

References

URL-https://support.f5.com/csp/article/K75543432
BID-99489
REDHAT-RHSA-2018:1296
GENTOO-GLSA-201709-21
DEBIAN-DSA-4080
DEBIAN-DSA-4081
NVD-CVE-2017-11628
UBUNTU-USN-3382-1
UBUNTU-USN-3382-2

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today