CVE-2017-16642

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
References
Link Resource
https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1 Issue Tracking Patch Third Party Advisory
https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536 Issue Tracking Patch Third Party Advisory
https://bugs.php.net/bug.php?id=75055 Issue Tracking Vendor Advisory
http://php.net/ChangeLog-7.php Issue Tracking Release Notes Vendor Advisory
http://php.net/ChangeLog-5.php Issue Tracking Release Notes Vendor Advisory
http://www.securityfocus.com/bid/101745 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43133/ Exploit Issue Tracking Third Party Advisory VDB Entry
https://www.debian.org/security/2018/dsa-4081 Third Party Advisory
https://www.debian.org/security/2018/dsa-4080 Third Party Advisory
https://usn.ubuntu.com/3566-1/ Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1296 Third Party Advisory
https://security.netapp.com/advisory/ntap-20181123-0001/ Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2519
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

Information

Published : 2017-11-07 13:29

Updated : 2019-08-19 04:15


NVD link : CVE-2017-16642

Mitre link : CVE-2017-16642


JSON object : View

CWE
CWE-125

Out-of-bounds Read

Advertisement

dedicated server usa

Products Affected

netapp

  • clustered_data_ontap
  • storage_automation_store

canonical

  • ubuntu_linux

php

  • php

debian

  • debian_linux