PHP 7.1.2 Zend/zend_operators.c null pointer dereference

A vulnerability was found in PHP 7.1.2. It has been rated as problematic. The issue affects some unknown processing in the file Zend/zend_operators.c, and manipulation leads to a null pointer dereference. The CWE definition for the vulnerability is CWE-476. The weakness was published on 04/03/2017 as 74146 (Website). The advisory can be read at bugs.php.net. This vulnerability is identified as CVE-2017-6441.

The attack may be initiated remotely. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The exploitability is declared as not defined. We expect the 0-day to have been worth approximately $5k-$25k. The real existence of this vulnerability is still doubted at the moment.

The vulnerability scanner Nessus provides a plugin with the ID 101287 (openSUSE Security Update : php7 (openSUSE-2017-790)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test for this issue with plugin 170133 (SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2017:1717-1)). The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation was published 4 months after the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: Tenable (101287).

| Field | 04/03/2017 04:59 PM | 08/25/2020 12:55 PM | 11/24/2022 06:42 PM |
|---|---|---|---|
| type | Programming Language Software | Programming Language Software | Programming Language Software |
| name | PHP | PHP | PHP |
| version | 7.1.2 | 7.1.2 | 7.1.2 |
| file | Zend/zend_operators.c | Zend/zend_operators.c | Zend/zend_operators.c |
| cwe | 476 (null pointer dereference) | 476 (null pointer dereference) | 476 (null pointer dereference) |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.7 | 3.7 | 3.7 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | N | N | N |
| cvss2_nvd_ii | N | N | N |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 6.4 | 6.4 | 6.4 |
| cvss3_meta_tempscore | 6.1 | 6.1 | 6.3 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | N | N | N |
| cvss3_nvd_i | N | N | N |
| cvss3_nvd_a | H | H | H |
| date | 1491177600 (04/03/2017) | 1491177600 (04/03/2017) | 1491177600 (04/03/2017) |
| url | https://bugs.php.net/bug.php?id=74146 | https://bugs.php.net/bug.php?id=74146 | https://bugs.php.net/bug.php?id=74146 |
| disputed | 1 | 1 | 1 |
| price_0day | $0-$5k | $0-$5k | $5k-$25k |
| cve | CVE-2017-6441 | CVE-2017-6441 | CVE-2017-6441 |
| cve_assigned | 1488412800 (03/02/2017) | 1488412800 (03/02/2017) | 1488412800 (03/02/2017) |
| cve_nvd_published | 1491177600 | 1491177600 | 1491177600 |
| cve_nvd_summary | ** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only." | ** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only." | ** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only." |
| nessus_id | 101287 | 101287 | 101287 |
| nessus_name | openSUSE Security Update : php7 (openSUSE-2017-790) | openSUSE Security Update : php7 (openSUSE-2017-790) | openSUSE Security Update : php7 (openSUSE-2017-790) |
| nessus_filename | openSUSE-2017-790.nasl | openSUSE-2017-790.nasl | openSUSE-2017-790.nasl |
| nessus_risk | High | High | High |
| nessus_family | SuSE Local Security Checks | SuSE Local Security Checks | SuSE Local Security Checks |
| nessus_type | local | local | local |
| nessus_date | 1499385600 (07/07/2017) | 1499385600 (07/07/2017) | 1499385600 (07/07/2017) |
| qualys_id | 170133 | 170133 | 170133 |
| qualys_title | SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2017:1717-1) | SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2017:1717-1) | SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2017:1717-1) |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| reaction_days | 94 | 94 | 94 |
| exposure_days | 94 | 94 | 94 |
| cvss3_nvd_basescore | 7.5 | 7.5 | 7.5 |
| name | | Upgrade | Upgrade |
| date | | 1499299200 (07/06/2017) | 1499299200 (07/06/2017) |
| osvdb_title | | CVE-2017-6441 - PHP - Denial of Service Issue | CVE-2017-6441 - PHP - Denial of Service Issue |
| identifier | | | 74146 |
| patch_url | | | https://github.com/php/php-src/pull/2396 |
| cvss2_nvd_basescore | | | 5.0 |
