CVE-2017-16642

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-16642
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16642.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-16642
Downstream
Related
Published
2017-11-07T21:29:00.290Z
Modified
2026-02-22T01:17:02.549134Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the phpparsedate function. NOTE: this is a different issue than CVE-2017-11145.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6f21492505dd554667f70884b46802f2fb81c210
Introduced
0221e9f827632942225586687a33cfd554860d5e
Fixed
058de87e99ad6318dec2461727bc83b14ff18f6e
Introduced
60fffd296abce5fc071f3c173c25a2696cf683c6
Fixed
8d8d4353d063c049901912be7d18535dc84a361b

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16642.json"