PT-2017-2598 · Php+7 · Php+7

Publicado

2017-05-12

Atualizado

2026-02-24

CVE-2017-8923

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHP versions through 7.1.5

Description The issue is related to the zend string extend function in PHP, which does not prevent changes to string objects that result in a negative length. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. The vulnerability can be exploited by using a specially crafted script that utilizes the .= operation with a long string.

Recommendations For PHP versions through 7.1.5, update to a version that contains a fix for this issue to prevent potential denial of service or other impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-787

Identificadores relacionados

ALT-PU-2021-2876

ALT-PU-2021-2887

ALT-PU-2021-2943

ALT-PU-2021-2971

ALT-PU-2021-3645

BDU:2017-01814

CESA-2023_2903

CVE-2017-8923

OPENSUSE-SU-2022:0699-1

OPENSUSE-SU-2022_0679-1

OPENSUSE-SU-2022_0699-1

OPENSUSE-SU-2022_4067-1

OPENSUSE-SU-2022_4069-1

RHSA-2023:2903

RHSA-2023_2903

SUSE-SU-2022:0530-1

SUSE-SU-2022:0577-1

SUSE-SU-2022:0679-1

SUSE-SU-2022:0699-1

SUSE-SU-2022:4067-1

SUSE-SU-2022:4068-1

SUSE-SU-2022:4069-1

SUSE-SU-2022_0530-1

SUSE-SU-2022_0699-1

USN-5300-1

USN-5300-2

USN-5300-3

Produtos afetados

Alt Linux

Centos

Linuxmint

Php

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2017-2598 · Php+7 · Php+7

CVE-2017-8923

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 101