Showing 1 - 6 of 6

CVE-2017-11628

Status Candidate

Overview

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.

Related Files

Red Hat Security Advisory 2018-1296-01: Posted May 4, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1296-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php. Issues addressed include buffer overflow, cross site scripting, denial of service, heap overflow, remote file inclusion, and use-after-free vulnerabilities.; tags | advisory, remote, web, denial of service, overflow, php, vulnerability, xss, file inclusion; systems | linux, redhat; advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10162, CVE-2016-10167, CVE-2016-10168, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418, CVE-2016-7479, CVE-2016-9933, CVE-2016-9934, CVE-2016-9935, CVE-2016-9936, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11362, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934; SHA-256 | 7d3b1f62dd47f6ccce2cd1aa1495159b5a0ec53d7009c7657d7a8518e489c754; Download | Favorite | View

Debian Security Advisory 4080-1: Posted Jan 10, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4080-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.; tags | advisory, php, vulnerability; systems | linux, debian; advisories | CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934, CVE-2017-16642; SHA-256 | fb40631b4e6e2aa36a01a6097b8791637329c2a2a7b66ec5d5560c871d05ec6a; Download | Favorite | View

Debian Security Advisory 4081-1: Posted Jan 10, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4081-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.; tags | advisory, php, vulnerability; systems | linux, debian; advisories | CVE-2017-11142, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12933, CVE-2017-16642; SHA-256 | f7aae35ae4ec77a819fbff5ac55f53d91ca4cdc6887bdb1c9c1f9c3f7ea1b7e8; Download | Favorite | View

Ubuntu Security Notice USN-3382-2: Posted Dec 18, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3382-2 - USN-3382-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. Various other issues were also addressed.; tags | advisory, remote, php, vulnerability; systems | linux, ubuntu; advisories | CVE-2016-10397, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11628, CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229; SHA-256 | 4730777f8234166a0aca926651b742452e288c5899a8de45f4f97da1ed324225; Download | Favorite | View

Gentoo Linux Security Advisory 201709-21: Posted Sep 25, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201709-21 - Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary code. Versions less than 5.6.31:5.6 are affected.; tags | advisory, arbitrary, php, vulnerability; systems | linux, gentoo; advisories | CVE-2017-11362, CVE-2017-11628, CVE-2017-12932; SHA-256 | d141275b179501f4e8a5e6b7a0eafc716393e9b83ec4859f38d82d4b37729b7c; Download | Favorite | View

Ubuntu Security Notice USN-3382-1: Posted Aug 10, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3382-1 - It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.; tags | advisory, remote, local, php; systems | linux, ubuntu; advisories | CVE-2015-8994, CVE-2016-10397, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11362, CVE-2017-11628, CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229; SHA-256 | ad9cf63865d9cf099b246adbfb7844ca072a1d8c2f6456d48165e03202b65312; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 54 files
Debian 28 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 7 files
Google Security Research 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files
Jann Horn 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,023)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,346)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,586)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,464)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2017-11628

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems