PHP » PHP : Security Vulnerabilities Published In 2017 (Gain Information)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2017-16642 |
125 |
|
+Info |
2017-11-07 |
2019-08-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. |
2 |
CVE-2017-11145 |
200 |
|
+Info |
2017-07-10 |
2018-05-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist. |
3 |
CVE-2017-7890 |
200 |
|
+Info |
2017-08-02 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. |
Total number of vulnerabilities :
3
Page :
1
(This Page)