← Back

CVE-2017-11147

nvd nist
Published: Jul 10, 2017Modified: May 13, 2026

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

Affected (4)

Php
1 product
Php
Netapp
1 product
Clustered Data Ontap
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Php
Php
Before 5.6.30
Php
From 7.0.0 to 7.0.15
Php
From 7.1.0 to 7.1.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Clustered Data Ontap
All versions

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (18)

Source: cve@mitre.org
Source: cve@mitre.org
Mailing ListPatchThird Party Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitIssue TrackingVendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.