vulnerability

Oracle Solaris 11: CVE-2017-11144: Vulnerability in PHP

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Jul 10, 2017	Apr 18, 2018	Feb 1, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Jul 10, 2017

Added

Apr 18, 2018

Modified

Feb 1, 2022

Description

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Solutions

oracle-solaris-11-3-upgrade-web-php-56-5-6-34-0-175-3-31-0-2-0oracle-solaris-11-3-upgrade-web-php-71-7-1-15-0-175-3-31-0-2-0

References

CVE-2017-11144
https://attackerkb.com/topics/CVE-2017-11144
DEBIAN-DSA-4080
DEBIAN-DSA-4081
REDHAT-RHSA-2018:1296
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report