CVE-2017-11143

php: Incorrect WDDX deserialization of boolean parameters leads to DoS

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.

En PHP anterior a versión 5.6.31, una liberación no válida en la deserialización WDDX de parámetros booleanos podría ser utilizada por atacantes capaces de inyectar XML para la deserialización en el bloqueo del intérprete PHP, relacionado con una liberación no válida para un elemento booleano vacío en el archivo ext/wddx/wddx.c.

It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-07-10 CVE Reserved
2017-07-10 CVE Published
2024-08-05 CVE Updated
2025-04-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free
CWE-502: Deserialization of Untrusted Data

CAPEC

References (11)

URL	Tag	Source
http://www.securityfocus.com/bid/99553	Vdb Entry
https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2aae60461c2ff7b7fbcdd194c789ac841d0747d7	X_refsource_confirm
https://security.netapp.com/advisory/ntap-20180112-0001	X_refsource_confirm
https://www.tenable.com/security/tns-2017-12	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://openwall.com/lists/oss-security/2017/07/10/6	2023-11-07
https://bugs.php.net/bug.php?id=74145	2023-11-07

URL	Date	SRC
http://php.net/ChangeLog-5.php	2023-11-07
https://access.redhat.com/errata/RHSA-2018:1296	2023-11-07
https://www.debian.org/security/2018/dsa-4081	2023-11-07
https://access.redhat.com/security/cve/CVE-2017-11143	2018-05-03
https://bugzilla.redhat.com/show_bug.cgi?id=1471824	2018-05-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				<= 5.6.30 Search vendor "Php" for product "Php" and version " <= 5.6.30"		-		Affected