Description

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Remediation

References

CVE-2017-11144

Related Vulnerabilities

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45137)

WordPress Plugin CP Contact Form with PayPal Cross-Site Scripting (1.2.98)

MySQL CVE-2021-2356 Vulnerability (CVE-2021-2356)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4581)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4476)

Severity

High

Classification

CVE-2017-11144 CWE-754 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities