CVE-2017-16642
First published: Thu Oct 26 2017(Updated: )
Fixed bug (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP PHP | <5.6.32 | |
| PHP PHP | >=7.0.0<7.0.25 | |
| PHP PHP | >=7.1.0<7.1.11 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Netapp Storage Automation Store | ||
| NetApp Clustered Data ONTAP | ||
| PHP PHP | <7.0.25 | 7.0.25 |
| debian/php5 | ||
| debian/php7.0 | ||
| debian/php7.1 | ||
| redhat/php | <7.0.25 | 7.0.25 |
| redhat/php | <7.1.11 | 7.1.11 |
| redhat/php | <7.2.0 | 7.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/101745
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=75055
- https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536
- https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1
- https://security.netapp.com/advisory/ntap-20181123-0001/
- https://usn.ubuntu.com/3566-1/
- https://www.debian.org/security/2018/dsa-4080
- https://www.debian.org/security/2018/dsa-4081
- https://www.exploit-db.com/exploits/43133/
- https://launchpad.net/bugs/cve/CVE-2017-16642
- https://www.php.net/ChangeLog-7.php#7.0.25 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2017-16642
- https://access.redhat.com/security/cve/CVE-2017-11145
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1512059
- https://bugzilla.redhat.com/show_bug.cgi?id=1512057
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16642
- https://nvd.nist.gov/vuln/detail/CVE-2017-16642
- https://ubuntu.com/security/CVE-2017-16642
Frequently Asked Questions
What is the vulnerability ID of this bug?
The vulnerability ID is CVE-2017-16642.
What is the severity level of CVE-2017-16642?
The severity level of CVE-2017-16642 is high.
What is the affected software for CVE-2017-16642?
The affected software for CVE-2017-16642 is PHP versions before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11.
How can this vulnerability be exploited?
Attackers able to supply date strings can exploit this vulnerability to leak information from the interpreter.
Is there a fix available for CVE-2017-16642?
Yes, the fix for CVE-2017-16642 is available in PHP versions 5.6.32, 7.0.25, and 7.1.11.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/php-changelog
- source/PHP
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- source/NVD
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-16642
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- collector/usn-cve
- source/Ubuntu
- vendor/php
- canonical/php php
- version/php php/7.0.0
- version/php php/7.1.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- vendor/netapp
- canonical/netapp storage automation store
- canonical/netapp clustered data ontap
- package-manager/debian
- package-manager/redhat