CVE-2017-11628

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.31 PHP versions 7.x prior to 7.0.21 PHP versions 7.1.x prior to 7.1.7

Description A stack-based buffer overflow in the zend ini do op() function could cause a denial of service or potentially allow executing code. This issue is relevant for PHP applications that accept untrusted input for the parse ini string or parse ini file function.

Recommendations For PHP versions prior to 5.6.31, update to version 5.6.31 or later. For PHP versions 7.x prior to 7.0.21, update to version 7.0.21 or later. For PHP versions 7.1.x prior to 7.1.7, update to version 7.1.7 or later. As a temporary workaround, consider restricting the use of the parse ini string and parse ini file functions to trusted input only, until a patch is available.