CVE-2017-16642
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-16642
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16642.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-16642
- Related
- Published
- 2017-11-07T21:29:00Z
- Modified
- 2024-08-01T08:22:43.375177Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the phpparsedate function. NOTE: this is a different issue than CVE-2017-11145.
- References
-
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/101745
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=75055
- https://security.netapp.com/advisory/ntap-20181123-0001/
- https://www.debian.org/security/2018/dsa-4080
- https://www.debian.org/security/2018/dsa-4081
- https://www.exploit-db.com/exploits/43133/
- https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536
- https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1
- https://usn.ubuntu.com/3566-1/
Affected packages
Git / github.com/derickr/timelib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/derickr/timelib
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2015.*
2015.01
2015.02
2016.*
2016.01
2016.02
2016.03
2016.04
2016.05
2017.*
2017.01
2017.02
2017.03
2017.04
2017.05beta1
2017.05beta2
2017.05beta3
2017.05beta4
2017.05beta5
2017.05beta6
Other
NEWS
NEWS-cvs2svn
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_NATIVE_TLS_MERGE
POST_PHP7_EREG_MYSQL_REMOVALS
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_NATIVE_TLS_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
PRE_PHPNG_MERGE
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
php-5.6.18RC1
php-5.6.19RC1
php-5.6.22RC1
php-5.6.23RC1
php-5.6.24RC1
php-7.*
php-7.0.11RC1
php-7.0.12RC1
php-7.0.13RC1
php-7.0.3RC1
php-7.0.4RC1
php-7.0.5RC1
php-7.0.7RC1
php-7.0.8RC1
php-7.0.9RC1
php-7.1.0alpha2
php-7.1.11RC1