CVE-2017-11362

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-11362
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11362.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-11362
Downstream
Published
2017-07-17T13:18:21.673Z
Modified
2026-04-11T15:15:24.193539Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformatparse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmtparse_message function.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
60fffd296abce5fc071f3c173c25a2696cf683c6
Last affected
4054ec69da7631046f19d54ab06f09728a208b8b
Last affected
038c63cdea0472176ec2fdb162cfbd96e8c5f83e
Last affected
4e1b8701573698f56e12672e4991d7e6239138d2
Last affected
e09845d32614a19188632f410316478fbb440ebd
Last affected
249a8fd9ae2324c84ede7ecfca6f6026e6d87df6
Last affected
734a5fca2c4731e34eca551f28be9a10ffc3f3c9
Last affected
fb59213fc461f079bc218abf44cb5e2b4db2182c
Last affected
a36407215f69ba2debf77933dcb3faa0c3ba2d04
Last affected
9d582eba7448f1495fae62b13d95d2844ce6b28a
Last affected
da12ca9c1ed03084e6803f5e81e46f2e0a80460a
Last affected
e2874f7bf990ed58ba6f7abccefa2c00a0447fc7
Last affected
140e2adb5ab8a5ed0624366c0416f07b8aa17254
Last affected
721bcb2b7e7d283f89c300caed54a532e7fc5ddf
Last affected
94933677a34de91b54ecd3cbe44770b7c204dc8a
Last affected
cc766d7730bdec064e32f8009154fa672b34ef9b
Last affected
37eb1e4d92db3cf3f92910f27216550c0b0a9982
Last affected
89a97812aaa7abee8855f8a67c0411d9a0380766
Last affected
fa587915da22f88ea28b53e6b161cf7c607c28df
Last affected
42b8d368f83c6484f8ae8c80a9bb56cf4f46d3e2
Last affected
e17e2b26b33f0294cffe0e98c6b3a74ba4d48cb4
Last affected
0221e9f827632942225586687a33cfd554860d5e
Last affected
9abbc3cc6d0f448435ca38bef694f671bf7303d8
Last affected
e000b401acacd5c0e8d90ec36c2ef1c585d149a2
Last affected
9f1492bb895ce297c660bde3fabb5e27a20a7cbd
Last affected
1f68c9d76498819fc504bda226dd034491f73ed3
Last affected
5d08c710749096291e294afd641e4429760c6c6e
Last affected
5b34dc2d52841bfab425cbb24e9111172de20ef9
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        },
        {
            "last_affected": "7.0.1"
        },
        {
            "last_affected": "7.0.2"
        },
        {
            "last_affected": "7.0.3"
        },
        {
            "last_affected": "7.0.4"
        },
        {
            "last_affected": "7.0.5"
        },
        {
            "last_affected": "7.0.6"
        },
        {
            "last_affected": "7.0.7"
        },
        {
            "last_affected": "7.0.8"
        },
        {
            "last_affected": "7.0.9"
        },
        {
            "last_affected": "7.0.10"
        },
        {
            "last_affected": "7.0.11"
        },
        {
            "last_affected": "7.0.12"
        },
        {
            "last_affected": "7.0.13"
        },
        {
            "last_affected": "7.0.14"
        },
        {
            "last_affected": "7.0.15"
        },
        {
            "last_affected": "7.0.16"
        },
        {
            "last_affected": "7.0.17"
        },
        {
            "last_affected": "7.0.18"
        },
        {
            "last_affected": "7.0.19"
        },
        {
            "last_affected": "7.0.20"
        },
        {
            "last_affected": "7.1.0"
        },
        {
            "last_affected": "7.1.1"
        },
        {
            "last_affected": "7.1.2"
        },
        {
            "last_affected": "7.1.3"
        },
        {
            "last_affected": "7.1.4"
        },
        {
            "last_affected": "7.1.5"
        },
        {
            "last_affected": "7.1.6"
        }
    ],
    "cpe": [
        "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD"
}

Affected versions

Other
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
php-7.*
php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3
php-7.0.1
php-7.0.10
php-7.0.10RC1
php-7.0.11
php-7.0.11RC1
php-7.0.12
php-7.0.13
php-7.0.13RC1
php-7.0.14
php-7.0.14RC1
php-7.0.15
php-7.0.15RC1
php-7.0.16
php-7.0.16RC1
php-7.0.17
php-7.0.17RC1
php-7.0.18
php-7.0.18RC1
php-7.0.19
php-7.0.19RC1
php-7.0.1RC1
php-7.0.2
php-7.0.20
php-7.0.20RC1
php-7.0.2RC1
php-7.0.3
php-7.0.4
php-7.0.4RC1
php-7.0.5
php-7.0.5RC1
php-7.0.6
php-7.0.6RC1
php-7.0.7
php-7.0.7RC1
php-7.0.8
php-7.0.8RC1
php-7.0.9
php-7.0.9RC1
php-7.1.0
php-7.1.0RC6
php-7.1.1
php-7.1.1RC1
php-7.1.2
php-7.1.2RC1
php-7.1.3
php-7.1.3RC1
php-7.1.4
php-7.1.4RC1
php-7.1.5
php-7.1.5RC1
php-7.1.6
php-7.1.6RC1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11362.json"