CVE-2017-9119
Advisory lineage Upstream: 0 Downstream: 3
Downstream
Modified
Published: 21 May 2017, 19:00
Last modified:05 Aug 2024, 16:55
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
v3.0 (nvd)
EPSS Score
0.37% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
21 May 2017, 19:00
Published
Vulnerability first disclosed
05 Aug 2024, 16:55
Last Modified
Vulnerability information updated
Description
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
CVSS Metrics
- v3.0•CRITICAL•Score: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.37%• Percentile: 59%
Techniques & Countermeasures
- CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Affected Systems
- netapp•clustered_data_ontap
na
- netapp•storage_automation_store
na
- Unknown•PHP
7.1.5