Vulnerability Name: CVE-2017-11628

Assigned: 2017-07-25
Published: 2017-07-25
Updated: 2018-05-03
Summary: In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.
CVSS v3 Severity: 7.8 High (CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-119
References:
Source: MISC
Type: VENDOR_ADVISORY
http://git.php.net/?p=php-src.git;a=commit;h=05255749139b3686c8a6a58ee01131ac0047465e

Source: MISC
Type: VENDOR_ADVISORY
http://git.php.net/?p=php-src.git;a=commit;h=5f8380d33e648964d2d5140f329cf2d4c443033c

Source: BID
Type: VENDOR_ADVISORY
99489

Source: REDHAT
Type: UNKNOWN
RHSA-2018:1296

Source: MISC
Type: VENDOR_ADVISORY
https://bugs.php.net/bug.php?id=74603

Source: XF
Type: UNKNOWN
php-cve201711628-bo(129461)

Source: GENTOO
Type: UNKNOWN
GLSA-201709-21

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20180112-0001/

Source: DEBIAN
Type: UNKNOWN
DSA-4080

Source: DEBIAN
Type: UNKNOWN
DSA-4081

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:php:php:5.6.30:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:php:php:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.20:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:php:php:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.1.6:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:php:php:5.6.30:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.1.6:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201711628 | V | CVE-2017-11628 | 2018-09-18
oval:com.ubuntu.xenial:def:201711628000 | V | CVE-2017-11628 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-07-25
oval:com.ubuntu.trusty:def:201711628000 | V | CVE-2017-11628 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-07-25
oval:com.ubuntu.artful:def:201711628000 | V | CVE-2017-11628 on Ubuntu 17.10 (artful) - medium. | 2017-07-25