Vulnerability CVE-2017-16642


Published: 2017-11-07

Description:
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

Type:

CWE-125

(Out-of-bounds Read)

Vendor: PHP
Product: PHP 
Version:
7.1.9
7.1.8
7.1.7
7.1.6
7.1.5
7.1.4
7.1.3
7.1.2
7.1.10
7.1.1
7.1.0
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.24
7.0.23
7.0.22
7.0.21
7.0.20
7.0.2
7.0.19
7.0.18
7.0.17
7.0.16
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.1
7.0.0
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.31
5.6.30
5.6.3
5.6.29
5.6.28
5.6.27
5.6.26
5.6.25
5.6.24
5.6.23
5.6.22
5.6.21
5.6.20
5.6.2
5.6.19
5.6.18
5.6.17
5.6.16
5.6.15
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.1
5.6.0
5.5.9
5.5.8
5.5.7
5.5.6
5.5.5
5.5.4
5.5.38
5.5.37
5.5.36
5.5.35
5.5.34
5.5.33
5.5.32
5.5.31
5.5.30
5.5.3
5.5.29
5.5.28
5.5.27
5.5.26
5.5.25
5.5.24
5.5.23
5.5.22
5.5.21
5.5.20
5.5.2
5.5.19
5.5.18
5.5.17
5.5.16
5.5.15
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/101745
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=75055
https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536
https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1
https://usn.ubuntu.com/3566-1/
https://www.debian.org/security/2018/dsa-4080
https://www.debian.org/security/2018/dsa-4081
https://www.exploit-db.com/exploits/43133/

Related CVE
CVE-2018-10549
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a Make...
CVE-2018-10548
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishan...
CVE-2018-10547
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE:...
CVE-2018-10546
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2018-10545
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one u...
CVE-2018-7584
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This ...
CVE-2015-9253
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system...
CVE-2016-10712
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "...

Copyright 2018, cxsecurity.com

 

Back to Top