PT-2017-4176 · Php+2 · Php+2

Varsleak

Publicado

2017-07-10

Atualizado

2018-05-04

CVE-2017-11143

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.31

Description The issue is related to flaws in the deserialization mechanism of the PHP programming language interpreter. It may allow a remote attacker to cause a denial of service by injecting XML for deserialization, potentially crashing the PHP interpreter due to an invalid free for an empty boolean element.

Recommendations For PHP versions prior to 5.6.31, update to version 5.6.31 or later to resolve the issue. As a temporary workaround, consider restricting the deserialization of boolean parameters to minimize the risk of exploitation.

Correção

Deserialization of Untrusted Data

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502CWE-416

Identificadores relacionados

BDU:2022-02419

CVE-2017-11143

DLA-1034-1

DSA-4081-1

RHSA-2018:1296

SUSE-SU-2017:2317-1

USN-3382-1

USN-3382-2

Produtos afetados

Php

Suse

Ubuntu

PT-2017-4176 · Php+2 · Php+2

CVE-2017-11143

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 101