
CVE-2017-16642

Published: 7 November 2017

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

Notes

Author: leosilva
Note: following debian comments, precise is not affected.
Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
php5
artful Does not exist
bionic Does not exist
precise Not vulnerable (code not present)
trusty Released (5.5.9+dfsg-1ubuntu4.23)
upstream Needs triage
xenial Does not exist
zesty Does not exist

Patches:
upstream: https://github.com/php/php-src/commit/a7815e63bdab95f7b9b0e32c52c81a4b6ad3a8f6

php7.0
artful Does not exist
bionic Does not exist
precise Does not exist
trusty Does not exist
upstream Released (7.0.25)
xenial Released (7.0.25-0ubuntu0.16.04.1)
zesty Ignored (reached end-of-life)

php7.1
artful Not vulnerable (7.1.11-0ubuntu0.17.10.1)
bionic Does not exist
precise Does not exist
trusty Does not exist
upstream Released (7.1.11)
xenial Does not exist
zesty Does not exist

Patches:
upstream: https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1