CVE-2017-11144

Published: Jul 10, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Affected (29)

Products: Php: Php

1 product

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Php Php	Up to 5.6.30
Php Php	Version 7.0.0
Php Php	Version 7.0.10
Php Php	Version 7.0.11
Php Php	Version 7.0.12
Php Php	Version 7.0.13
Php Php	Version 7.0.14
Php Php	Version 7.0.15
Php Php	Version 7.0.16
Php Php	Version 7.0.17
Php Php	Version 7.0.18
Php Php	Version 7.0.19
Php Php	Version 7.0.1
Php Php	Version 7.0.20
Php Php	Version 7.0.2
Php Php	Version 7.0.3
Php Php	Version 7.0.4
Php Php	Version 7.0.5
Php Php	Version 7.0.6
Php Php	Version 7.0.7
Php Php	Version 7.0.8
Php Php	Version 7.0.9
Php Php	Version 7.1.0
Php Php	Version 7.1.1
Php Php	Version 7.1.2
Php Php	Version 7.1.3
Php Php	Version 7.1.4
Php Php	Version 7.1.5
Php Php	Version 7.1.6

Related CWEs

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (24)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=73cabfedf519298e1a11192699f44d53c529315e

Source: cve@mitre.org

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=89637c6b41b510c20d262c17483f582f115c66d6

Source: cve@mitre.org

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91826a311dd37f4c4e5d605fa7af331e80ddd4c3

Source: cve@mitre.org

http://openwall.com/lists/oss-security/2017/07/10/6

Source: cve@mitre.org

Mailing List

http://php.net/ChangeLog-5.php

Source: cve@mitre.org

Release NotesVendor Advisory

http://php.net/ChangeLog-7.php

Source: cve@mitre.org

Release NotesVendor Advisory

https://access.redhat.com/errata/RHSA-2018:1296

Source: cve@mitre.org

https://bugs.php.net/bug.php?id=74651

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20180112-0001/

Source: cve@mitre.org

https://www.debian.org/security/2018/dsa-4080

Source: cve@mitre.org

https://www.debian.org/security/2018/dsa-4081

Source: cve@mitre.org

https://www.tenable.com/security/tns-2017-12

Source: cve@mitre.org

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=73cabfedf519298e1a11192699f44d53c529315e

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=89637c6b41b510c20d262c17483f582f115c66d6

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91826a311dd37f4c4e5d605fa7af331e80ddd4c3

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2017/07/10/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://php.net/ChangeLog-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://php.net/ChangeLog-7.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://access.redhat.com/errata/RHSA-2018:1296

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=74651

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20180112-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2018/dsa-4080

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2018/dsa-4081

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.tenable.com/security/tns-2017-12

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.