Description

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

Remediation

References

CVE-2017-16642

Related Vulnerabilities

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.9.24)

Joomla CVE-2018-17859 Vulnerability (CVE-2018-17859)

Oracle Application Server Other Vulnerability (CVE-2005-2093)

Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-34798)

Envoy Proxy Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-12604)

Severity

High

Classification

CVE-2017-16642 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities