CVE-2017-11144
php: Incorrect return value check of OpenSSL sealing function leads to crash
Public Exploits: 0
Exploited in Wild: -
Descriptions
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.
Timeline
- 2017-07-10 CVE Reserved
- 2017-07-10 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-01 EPSS Updated
CWE
- CWE-253: Incorrect Check of Function Return Value
- CWE-754: Improper Check for Unusual or Exceptional Conditions
References (14)
URL | Tag | Source |
---|---|---|
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=73cabfedf519298e1a11192699f44d53c529315e | X_refsource_confirm | |
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=89637c6b41b510c20d262c17483f582f115c66d6 | X_refsource_confirm | |
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91826a311dd37f4c4e5d605fa7af331e80ddd4c3 | X_refsource_confirm | |
http://openwall.com/lists/oss-security/2017/07/10/6 | Mailing List | |
https://bugs.php.net/bug.php?id=74651 | Third Party Advisory | |
https://security.netapp.com/advisory/ntap-20180112-0001 | X_refsource_confirm | |
https://www.tenable.com/security/tns-2017-12 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
http://php.net/ChangeLog-5.php | 2023-11-07 | |
http://php.net/ChangeLog-7.php | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2018:1296 | 2023-11-07 | |
https://www.debian.org/security/2018/dsa-4080 | 2023-11-07 | |
https://www.debian.org/security/2018/dsa-4081 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2017-11144 | 2018-05-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1471827 | 2018-05-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Php | Php | <= 5.6.30 | - | Affected |
Php | Php | 7.0.0 | - | Affected |
Php | Php | 7.0.1 | - | Affected |
Php | Php | 7.0.2 | - | Affected |
Php | Php | 7.0.3 | - | Affected |
Php | Php | 7.0.4 | - | Affected |
Php | Php | 7.0.5 | - | Affected |
Php | Php | 7.0.6 | - | Affected |
Php | Php | 7.0.7 | - | Affected |
Php | Php | 7.0.8 | - | Affected |
Php | Php | 7.0.9 | - | Affected |
Php | Php | 7.0.10 | - | Affected |
Php | Php | 7.0.11 | - | Affected |
Php | Php | 7.0.12 | - | Affected |
Php | Php | 7.0.13 | - | Affected |
Php | Php | 7.0.14 | - | Affected |
Php | Php | 7.0.15 | - | Affected |
Php | Php | 7.0.16 | - | Affected |
Php | Php | 7.0.17 | - | Affected |
Php | Php | 7.0.18 | - | Affected |
Php | Php | 7.0.19 | - | Affected |
Php | Php | 7.0.20 | - | Affected |
Php | Php | 7.1.0 | - | Affected |
Php | Php | 7.1.1 | - | Affected |
Php | Php | 7.1.2 | - | Affected |
Php | Php | 7.1.3 | - | Affected |
Php | Php | 7.1.4 | - | Affected |
Php | Php | 7.1.5 | - | Affected |
Php | Php | 7.1.6 | - | Affected |