In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=73cabfedf519298e1a11192699f44d53c529315e - | |
References | () http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=89637c6b41b510c20d262c17483f582f115c66d6 - | |
References | () http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91826a311dd37f4c4e5d605fa7af331e80ddd4c3 - | |
References | () http://openwall.com/lists/oss-security/2017/07/10/6 - Mailing List | |
References | () http://php.net/ChangeLog-5.php - Release Notes, Vendor Advisory | |
References | () http://php.net/ChangeLog-7.php - Release Notes, Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:1296 - | |
References | () https://bugs.php.net/bug.php?id=74651 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20180112-0001/ - | |
References | () https://www.debian.org/security/2018/dsa-4080 - | |
References | () https://www.debian.org/security/2018/dsa-4081 - | |
References | () https://www.tenable.com/security/tns-2017-12 - |
07 Nov 2023, 02:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-07-10 14:29
Updated : 2024-11-21 03:07
NVD link : CVE-2017-11144
Mitre link : CVE-2017-11144
CVE.ORG link : CVE-2017-11144
JSON object : View
Products Affected
php
- php
CWE
CWE-754
Improper Check for Unusual or Exceptional Conditions