CVE-2017-6441

Name of the Vulnerable Software and Affected Versions PHP version 7.1.2

Description The issue in the zval get long func ex function in Zend/zend operators.c allows attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via crafted use of declare(ticks= in a PHP script. The vendor disputes the classification of this issue as a vulnerability.

Recommendations For PHP version 7.1.2, consider updating to a newer version to mitigate the risk, although the vendor does not acknowledge this as a security issue. As a temporary workaround, consider restricting the use of the declare(ticks= function in PHP scripts to minimize the risk of exploitation.