CVE-2017-7272

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bab0b99f376dac9170ac81382a5ed526938d595a

Affected versions

Other

NEWS

NEWS-cvs2svn

POST_64BIT_BRANCH_MERGE

POST_AST_MERGE

POST_NATIVE_TLS_MERGE

POST_PHP7_EREG_MYSQL_REMOVALS

POST_PHP7_NSAPI_REMOVAL

POST_PHP7_REMOVALS

POST_PHPNG_MERGE

PRE_64BIT_BRANCH_MERGE

PRE_AST_MERGE

PRE_NATIVE_TLS_MERGE

PRE_PHP7_EREG_MYSQL_REMOVALS

PRE_PHP7_NSAPI_REMOVAL

PRE_PHP7_REMOVALS

PRE_PHPNG_MERGE

php-5.*

php-5.3.23RC1

php-5.3.29

php-5.3.29RC1

php-5.4.30RC1

php-5.4.32RC1

php-5.4.4RC2

php-5.5.24RC1

php-5.6.18RC1

php-5.6.19RC1

php-5.6.22RC1

php-5.6.23RC1

php-5.6.24RC1

php-7.*

php-7.0.11RC1

php-7.0.12RC1

php-7.0.13RC1

php-7.0.3RC1

php-7.0.4RC1

php-7.0.5RC1

php-7.0.7RC1

php-7.0.8RC1

php-7.0.9RC1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2017-7272-0367c050",
        "source": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a",
        "digest": {
            "length": 813.0,
            "function_hash": "25954418537993354906810679751706881010"
        },
        "deprecated": false,
        "target": {
            "function": "parse_ip_address_ex",
            "file": "main/streams/xp_socket.c"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2017-7272-dd7e2968",
        "source": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a",
        "digest": {
            "line_hashes": [
                "96925839583532923982964231240844440937",
                "58623572596228789776196651253671782112",
                "135633014013098575755473646959568394835",
                "166067641592944639392872254756214638324",
                "100267658189387310072607059763441990347",
                "327358159792768892130981194478376054044",
                "851378121682662920468238894861988364",
                "314577343906733442472633894765041464525",
                "290488536648167433946729631960172792882",
                "304277819284939497559048954425926759404",
                "45361655755660409058900151378956781579",
                "98380177259299385082119401059192850571",
                "140857132125336533406313044813972857154",
                "138930420433345886720982775165105305311",
                "129429535438291653056969661213468792129",
                "150705046247528685625465905092658606036",
                "98721154362060048170613768024767904140",
                "186325265072741337767185550146872526890",
                "258922995148387736732108437600871178305",
                "295665630112481776732720450406535204466",
                "177770387157668607946762550750247977680",
                "215979603786398871912267452495927398013",
                "58699980153549850152597795615477593300",
                "179313615582318253927815754520587468813",
                "76616369875822220412912373158154491791",
                "42934769745497914088808172732736984029",
                "45502358789397159925983817023527663213",
                "279942236296071536843151426932711459991",
                "76307502023617010035481115789412140546",
                "6548854012503520523054358386376574142",
                "126808480897197276431818706293417770633"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "target": {
            "file": "main/streams/xp_socket.c"
        },
        "signature_type": "Line"
    }
]