CVE-2017-11147

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

Published: 2017-07-10 14:29
Updated: 2019-10-03 00:03

CVSS Score: 6.4 / 10
Vendor Product Version URI
Php Php 7.0.4 cpe:/a:php:php:7.0.4
Php Php 7.0.9 cpe:/a:php:php:7.0.9
Php Php 7.0.0 cpe:/a:php:php:7.0.0
Php Php 7.0.13 cpe:/a:php:php:7.0.13
Php Php 7.0.1 cpe:/a:php:php:7.0.1
Php Php 7.0.14 cpe:/a:php:php:7.0.14
Php Php 7.0.3 cpe:/a:php:php:7.0.3
Php Php 7.0.2 cpe:/a:php:php:7.0.2
Php Php 7.0.5 cpe:/a:php:php:7.0.5
Php Php 7.0.10 cpe:/a:php:php:7.0.10
Php Php 5.6.29 cpe:/a:php:php:5.6.29
Php Php 7.0.7 cpe:/a:php:php:7.0.7
Php Php 7.0.12 cpe:/a:php:php:7.0.12
Php Php 7.0.6 cpe:/a:php:php:7.0.6
Php Php 7.0.11 cpe:/a:php:php:7.0.11
Php Php 7.0.8 cpe:/a:php:php:7.0.8

CWE

ID Name Description
CWE-125 Out-of-bounds Read The software reads data past the end, or before the beginning, of the intended buffer.

History of changes

Date Event
2019-10-03 00:03
2018-05-04 01:29
2018-01-14 02:29
2017-11-03 01:29
2017-07-19 05:30
2017-07-16 12:30
2017-07-10 14:29 New CVE