FKIE_CVE-2017-11143

Vulnerability from fkie_nvd - Published: 2017-07-10 14:29 - Updated: 2025-04-20 01:37
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.
References
cve@mitre.orghttp://openwall.com/lists/oss-security/2017/07/10/6Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://php.net/ChangeLog-5.phpRelease Notes, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/99553
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2018:1296
cve@mitre.orghttps://bugs.php.net/bug.php?id=74145Issue Tracking, Patch, Vendor Advisory
cve@mitre.orghttps://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20180112-0001/
cve@mitre.orghttps://www.debian.org/security/2018/dsa-4081
cve@mitre.orghttps://www.tenable.com/security/tns-2017-12
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2017/07/10/6Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://php.net/ChangeLog-5.phpRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99553
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1296
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=74145Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180112-0001/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4081
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2017-12
Impacted products
Vendor Product Version
php php *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "399EA21A-9B46-4F4F-9A33-4DC557B11743",
              "versionEndIncluding": "5.6.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c."
    },
    {
      "lang": "es",
      "value": "En PHP anterior a versi\u00f3n 5.6.31, una liberaci\u00f3n no v\u00e1lida en la deserializaci\u00f3n WDDX de par\u00e1metros booleanos podr\u00eda ser utilizada por atacantes capaces de inyectar XML para la deserializaci\u00f3n en el bloqueo del int\u00e9rprete PHP, relacionado con una liberaci\u00f3n no v\u00e1lida para un elemento booleano vac\u00edo en el archivo ext/wddx/wddx.c."
    }
  ],
  "id": "CVE-2017-11143",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-10T14:29:00.587",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2017/07/10/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/99553"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2018:1296"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=74145"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2aae60461c2ff7b7fbcdd194c789ac841d0747d7"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20180112-0001/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2018/dsa-4081"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.tenable.com/security/tns-2017-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2017/07/10/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/99553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=74145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2aae60461c2ff7b7fbcdd194c789ac841d0747d7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20180112-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2018/dsa-4081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.tenable.com/security/tns-2017-12"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        },
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.