** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only."
References
Link | Resource |
---|---|
https://github.com/php/php-src/pull/2396 | Patch |
https://bugs.php.net/bug.php?id=74146 | Issue Tracking |
Configurations
Information
Published : 2017-04-02 22:59
Updated : 2017-04-10 09:12
NVD link : CVE-2017-6441
Mitre link : CVE-2017-6441
JSON object : View
CWE
CWE-476
NULL Pointer Dereference
Products Affected
php
- php