Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2017-9118
HistoryAug 02, 2018 - 12:00 a.m.

CVE-2017-9118

2018-08-0200:00:00
ubuntu.com
ubuntu.com
12

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.1%

JSON

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a
crafted preg_replace call.

Bugs

Notes

Author Note
leosilva unfixed upstream as of 2020-06-23
rodrigo-zaiden php7.0 retriage on 2022-02-01 found that upstream fixed it on 2021-11-29, information is now updated to reflect this. xenial (php7.0) returns an oom instead of crashing while running the poc from the php bug tracker, but the vulnerable code is present and the patch is applicable.
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchphp5< anyUNKNOWN
ubuntu16.04noarchphp7.0< 7.0.33-0ubuntu0.16.04.16+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu18.04noarchphp7.2< 7.2.24-0ubuntu0.18.04.11UNKNOWN
ubuntu20.04noarchphp7.4< 7.4.3-4ubuntu2.10UNKNOWN
ubuntu21.10noarchphp8.0< 8.0.8-1ubuntu0.3UNKNOWN
ubuntu22.04noarchphp8.1< 8.1.2-1ubuntu1UNKNOWN
ubuntu22.10noarchphp8.1< 8.1.2-1ubuntu1UNKNOWN
ubuntu23.04noarchphp8.1< 8.1.2-1ubuntu1UNKNOWN

Related

suse 2
debiancve 1
prion 1
nessus 12
redhatcve 1
mageia 1
openvas 15
osv 3
veracode 1
cve 1
cbl_mariner 1
ibm 2
ubuntu 3
redhat 1
suse
suse
Security update for php7 (moderate)
2018-09-07 15:10:36
Security update for php5 (moderate)
2018-09-12 12:08:47
debiancve
debiancve
CVE-2017-9118
2018-08-02 15:29:00
prion
prion
Out-of-bounds
2018-08-02 15:29:00
nessus
nessus
SUSE SLES12 Security Update : php7 (SUSE-SU-2018:2640-1)
2019-01-02 00:00:00
openSUSE Security Update : php7 (openSUSE-2018-976)
2018-09-10 00:00:00
SUSE SLES11 Security Update : php53 (SUSE-SU-2018:2681-1)
2018-09-12 00:00:00
redhatcve
redhatcve
CVE-2017-9118
2019-10-20 12:03:51
mageia
mageia
Updated php packages fix security vulnerability
2021-12-24 00:01:45
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0581)
2022-01-28 00:00:00
PHP 'php_pcre_replace_impl' Out of Bounds Access Vulnerability - Windows
2018-08-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2640-1)
2021-06-09 00:00:00
osv
osv
CVE-2017-9118
2018-08-02 15:29:00
php7.2, php7.4 vulnerabilities
2022-03-03 13:58:39
php7.0 vulnerabilities
2022-02-22 20:26:05
veracode
veracode
Out-of-Bounds Access
2019-08-20 00:10:40
cve
cve
CVE-2017-9118
2018-08-02 15:29:00
cbl_mariner
cbl_mariner
CVE-2017-9118 affecting package php 7.4.14-3
2024-04-25 21:07:32
ibm
ibm
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP (CVE-2018-14851 CVE-2017-9118)
2019-04-15 15:25:01
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118)
2023-12-07 22:45:03
ubuntu
ubuntu
PHP vulnerabilities
2022-03-07 00:00:00
PHP vulnerabilities
2022-02-22 00:00:00
PHP vulnerabilities
2022-03-03 00:00:00
redhat
redhat
(RHSA-2019:2519) Moderate: rh-php71-php security, bug fix, and enhancement update
2019-08-19 08:09:18

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.1%

JSON
Related for UB:CVE-2017-9118
suse2debiancve1prion1nessus12redhatcve1mageia1openvas15osv3veracode1cve1cbl_mariner1ibm2ubuntu3redhat1