Your submission was sent successfully! Close

CVE-2017-11142

Published: 10 July 2017

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream
Released (5.6.31)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

php7.0
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (7.0.17)
xenial Not vulnerable
(7.0.18-0ubuntu0.16.04.1)
yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(7.0.18-0ubuntu0.16.04.1)
php7.1
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (7.1.3)
xenial Does not exist

yakkety Does not exist

zesty Does not exist