Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-11142

Published: 10 July 2017

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.

Notes

AuthorNote
sbeattie
PEAR issues should go against php-pear as of xenial

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream
Released (5.6.31)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

php7.0
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (7.0.17)
xenial Not vulnerable
(7.0.18-0ubuntu0.16.04.1)
yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(7.0.18-0ubuntu0.16.04.1)
Patches:
upstream: https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
upstream: https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3
php7.1
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (7.1.3)
xenial Does not exist

yakkety Does not exist

zesty Does not exist