CVE-2017-16642

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-16642
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16642.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-16642
Downstream
Related
Published
2017-11-07T21:29:00.290Z
Modified
2026-06-18T04:03:48.087901176Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the phpparsedate function. NOTE: this is a different issue than CVE-2017-11145.

Database specific 
{
    "unresolved_ranges": [
        {
            "vendor_product": "canonical:ubuntu_linux",
            "extracted_events": [
                {
                    "last_affected": "14.04"
                }
            ],
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                },
                {
                    "last_affected": "9.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/derickr/timelib

Affected ranges

Type
GIT
Repo
https://github.com/derickr/timelib
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
aa9156006e88565e1f1a5f7cc088b18322d57536
Database specific 
{
    "source": "REFERENCES"
}

Affected versions

2015.*
2015.01
2015.02
2016.*
2016.01
2016.02
2016.03
2016.04
2016.05
2017.*
2017.01
2017.02
2017.03
2017.04
2017.05beta1
2017.05beta2
2017.05beta3
2017.05beta4
2017.05beta5
2017.05beta6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16642.json"

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6f21492505dd554667f70884b46802f2fb81c210
Introduced
60fffd296abce5fc071f3c173c25a2696cf683c6
Fixed
8d8d4353d063c049901912be7d18535dc84a361b
Introduced
0221e9f827632942225586687a33cfd554860d5e
Fixed
058de87e99ad6318dec2461727bc83b14ff18f6e
Fixed
5c0455bf2c8cd3c25401407f158e820aa3b239e1
Database specific 
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.6.32"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.25"
        },
        {
            "introduced": "7.1.0"
        },
        {
            "fixed": "7.1.11"
        }
    ],
    "cpe": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
}

Affected versions

Other
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
php-7.*
php-7.0.25RC1
php-7.1.11RC1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16642.json"