CVE-2017-7963

Metadata

medium
5.0
php5
CVE-2017-7963
cve.mitre.org, bugs.php.net
2017-04-19
2017-08-04 16:03
2017-07-20 21:32
2017-06-16 19:22
2017-06-15 17:13
2017-05-10 23:51
2017-04-21 22:03

Description

** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior."

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

None

Unaffected

Release Package Reason
precise php5 ignored
precise/esm php5 ignored
trusty php5 ignored
vivid/stable-phone-overlay php5 DNE
vivid/ubuntu-core php5 DNE
xenial php5 DNE
yakkety php5 DNE
zesty php5 DNE
devel php5 DNE

Needs Triage

Release Package Reason
upstream php5 needs-triage