CVE-2017-11142

Published: Jul 10, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.

Affected (21)

Products: Php: Php

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Php Php	Up to 5.6.30
Php Php	Version 7.0.0
Php Php	Version 7.0.10
Php Php	Version 7.0.11
Php Php	Version 7.0.12
Php Php	Version 7.0.13
Php Php	Version 7.0.14
Php Php	Version 7.0.15
Php Php	Version 7.0.16
Php Php	Version 7.0.1
Php Php	Version 7.0.2
Php Php	Version 7.0.3
Php Php	Version 7.0.4
Php Php	Version 7.0.5
Php Php	Version 7.0.6
Php Php	Version 7.0.7
Php Php	Version 7.0.8
Php Php	Version 7.0.9
Php Php	Version 7.1.0
Php Php	Version 7.1.1
Php Php	Version 7.1.2

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (20)

http://openwall.com/lists/oss-security/2017/07/10/6

Source: cve@mitre.org

Mailing List

http://php.net/ChangeLog-5.php

Source: cve@mitre.org

Release NotesVendor Advisory

http://php.net/ChangeLog-7.php

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.securityfocus.com/bid/99601

Source: cve@mitre.org

https://bugs.php.net/bug.php?id=73807

Source: cve@mitre.org

Vendor Advisory

https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3

Source: cve@mitre.org

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20180112-0001/

Source: cve@mitre.org

https://www.debian.org/security/2018/dsa-4081

Source: cve@mitre.org

https://www.tenable.com/security/tns-2017-12

Source: cve@mitre.org

http://openwall.com/lists/oss-security/2017/07/10/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://php.net/ChangeLog-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://php.net/ChangeLog-7.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.securityfocus.com/bid/99601

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=73807

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20180112-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2018/dsa-4081

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.tenable.com/security/tns-2017-12

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.