// For flags

CVE-2017-7963

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.

** DISPUTADA ** Las interfaces GNU Multiple Precision Arithmetic Library (GMP) para PHP hasta la versión 7.1.4 permiten a atacantes provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de operaciones en cadenas largas. NOTA: el proveedor se opone a esto, declarando: "No hay ningún problema de seguridad aquí, porque GMP aborta de forma segura en caso de una condición de OOM. El único vector de ataque aquí es la denegación de servicio. Sin embargo, si permite asignaciones no limitadas controladas por el atacante, tiene un vector DoS independientemente del comportamiento OOM de GMP".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-04-19 CVE Reserved
  • 2017-04-19 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://bugs.php.net/bug.php?id=74308 2024-05-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
<= 7.1.4
Search vendor "Php" for product "Php" and version " <= 7.1.4"
-
Affected