A vulnerability was found in PHP 7.1.2. It has been rated as problematic. The issue affects unspecified processing in the file Zend/zend_operators.c. The manipulation leads to a null pointer dereference. The CWE definition for the vulnerability is CWE-476. The weakness was released 04/03/2017 as 74146 (Website). The advisory can be read at bugs.php.net. This vulnerability is identified as CVE-2017-6441. The attack may be initiated remotely. Technical details are available.

There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. We expect the 0-day to have been worth approximately $5k-$25k. The real existence of this vulnerability is still doubted at the moment.

The vulnerability scanner Nessus provides a plugin with the ID 101287 (openSUSE Security Update : php7 (openSUSE-2017-790)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test for this issue with plugin 170133 (SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2017:1717-1)).

The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation was published 4 months after the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: Tenable (101287).