UBUNTU-CVE-2017-7963

Source
https://ubuntu.com/security/CVE-2017-7963
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-7963.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-7963
Upstream
Published
2017-04-19T15:59:00Z
Modified
2026-04-22T11:34:22.545787Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Ubuntu - low
Summary
[none]
Details

The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior."

References

Affected packages

Ubuntu:Pro:14.04:LTS / php5

Package

Name
php5
Purl
pkg:deb/ubuntu/php5@5.5.9+dfsg-1ubuntu4.29+esm16?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*
5.5.3+dfsg-1ubuntu2
5.5.3+dfsg-1ubuntu3
5.5.6+dfsg-1ubuntu1
5.5.6+dfsg-1ubuntu2
5.5.8+dfsg-2ubuntu1
5.5.9+dfsg-1ubuntu1
5.5.9+dfsg-1ubuntu2
5.5.9+dfsg-1ubuntu3
5.5.9+dfsg-1ubuntu4
5.5.9+dfsg-1ubuntu4.1
5.5.9+dfsg-1ubuntu4.2
5.5.9+dfsg-1ubuntu4.3
5.5.9+dfsg-1ubuntu4.4
5.5.9+dfsg-1ubuntu4.5
5.5.9+dfsg-1ubuntu4.6
5.5.9+dfsg-1ubuntu4.7
5.5.9+dfsg-1ubuntu4.9
5.5.9+dfsg-1ubuntu4.11
5.5.9+dfsg-1ubuntu4.12
5.5.9+dfsg-1ubuntu4.13
5.5.9+dfsg-1ubuntu4.14
5.5.9+dfsg-1ubuntu4.16
5.5.9+dfsg-1ubuntu4.17
5.5.9+dfsg-1ubuntu4.19
5.5.9+dfsg-1ubuntu4.20
5.5.9+dfsg-1ubuntu4.21
5.5.9+dfsg-1ubuntu4.22
5.5.9+dfsg-1ubuntu4.23
5.5.9+dfsg-1ubuntu4.24
5.5.9+dfsg-1ubuntu4.25
5.5.9+dfsg-1ubuntu4.26
5.5.9+dfsg-1ubuntu4.27
5.5.9+dfsg-1ubuntu4.29
5.5.9+dfsg-1ubuntu4.29+esm1
5.5.9+dfsg-1ubuntu4.29+esm2
5.5.9+dfsg-1ubuntu4.29+esm3
5.5.9+dfsg-1ubuntu4.29+esm4
5.5.9+dfsg-1ubuntu4.29+esm5
5.5.9+dfsg-1ubuntu4.29+esm6
5.5.9+dfsg-1ubuntu4.29+esm8
5.5.9+dfsg-1ubuntu4.29+esm10
5.5.9+dfsg-1ubuntu4.29+esm11
5.5.9+dfsg-1ubuntu4.29+esm12
5.5.9+dfsg-1ubuntu4.29+esm13
5.5.9+dfsg-1ubuntu4.29+esm14
5.5.9+dfsg-1ubuntu4.29+esm15
5.5.9+dfsg-1ubuntu4.29+esm16

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libapache2-mod-php5",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "libapache2-mod-php5filter",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "libphp5-embed",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php-pear",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-cgi",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-cli",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-common",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-curl",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-enchant",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-fpm",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-gd",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-gmp",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-intl",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-ldap",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-mysql",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-mysqlnd",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-odbc",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-pgsql",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-pspell",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-readline",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-recode",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-snmp",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-sqlite",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-sybase",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-tidy",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-xmlrpc",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        },
        {
            "binary_name": "php5-xsl",
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm16"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-7963.json"