Source: ubuntucve (Ubuntu.com), ID UB:CVE-2017-11628
History: Jul 25, 2017 - 12:00 a.m.

CVE-2017-11628


CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.003 Low
Percentile: 64.8%

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a
stack-based buffer overflow in the zend_ini_do_op() function in
Zend/zend_ini_parser.c could cause a denial of service or potentially allow
executing code. NOTE: this is only relevant for PHP applications that
accept untrusted input (instead of the system’s php.ini file) for the
parse_ini_string or parse_ini_file function, e.g., a web application for
syntax validation of php.ini directives.

Bugs

OS      OS Version  Architecture  Package  Package Version              Filename
ubuntu  14.04       noarch        php5     < 5.5.9+dfsg-1ubuntu4.22     UNKNOWN
ubuntu  16.04       noarch        php7.0   < 7.0.22-0ubuntu0.16.04.1    UNKNOWN
ubuntu  17.04       noarch        php7.0   < 7.0.22-0ubuntu0.17.04.1    UNKNOWN
ubuntu  17.10       noarch        php7.1   < 7.1.8-1ubuntu1             UNKNOWN
