CVE-2017-16642

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.32 PHP versions 7.x prior to 7.0.25 PHP versions 7.1.x prior to 7.1.11

Description The issue is related to an out-of-bounds read in the ext/date/lib/parse date.c component of the PHP interpreter. This could allow a remote attacker to leak information from the interpreter by supplying specially crafted date strings. The error is specifically in the timelib meridian handling of 'front of' and 'back of' directives in the date extension, affecting the php parse date function.

Recommendations For PHP versions prior to 5.6.32, update to version 5.6.32 or later. For PHP versions 7.x prior to 7.0.25, update to version 7.0.25 or later. For PHP versions 7.1.x prior to 7.1.11, update to version 7.1.11 or later. As a temporary workaround, consider restricting the use of the date extension's timelib meridian handling of 'front of' and 'back of' directives until a patch is available.