CVE-2017-11144
Description
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
31.032
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| HTML-embedded scripting language interpreter (USN-2984-1) php7.0-cgi_7.0.22-0ubuntu0.16.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-2984-1) php7.0-cgi_7.0.22-0ubuntu0.16.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-2984-1) php7.0-cli_7.0.22-0ubuntu0.16.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-2984-1) php7.0-cli_7.0.22-0ubuntu0.16.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-2984-1) php7.0-fpm_7.0.22-0ubuntu0.16.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-2984-1) php7.0-fpm_7.0.22-0ubuntu0.16.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-2984-1) libapache2-mod-php7.0_7.0.22-0ubuntu0.16.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-2984-1) libapache2-mod-php7.0_7.0.22-0ubuntu0.16.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3196-1) php5-cgi_5.5.9+dfsg-1ubuntu4.22_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3196-1) php5-cgi_5.5.9+dfsg-1ubuntu4.22_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3196-1) php5-cli_5.5.9+dfsg-1ubuntu4.22_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3196-1) php5-cli_5.5.9+dfsg-1ubuntu4.22_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3196-1) php5-fpm_5.5.9+dfsg-1ubuntu4.22_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3196-1) php5-fpm_5.5.9+dfsg-1ubuntu4.22_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3196-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.22_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3196-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.22_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3382-1) php5-cgi_5.5.9+dfsg-1ubuntu4.22_i386.deb | Linux |
| php7.0 security update(DSA-4080-1) php7.0_7.0.27-0+deb9u1_all.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234