Upstream information

CVE-2017-6441 at MITRE

Description

** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only."

SUSE information

CVSS v2 Scores
  National Vulnerability Database
  Base Score: 4.96
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial

CVSS v3 Scores
  National Vulnerability Database
  Base Score: 7.5
  Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  Access Vector: Network
  Access Complexity: Low
  Privileges Required: None
  User Interaction: None
  Scope: Unchanged
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: High

SUSE Bugzilla entry: 1032155

No SUSE Security Announcements cross referenced.

List of packages in QA

Product(s) Package(s)
SUSE Linux Enterprise Module for Web Scripting 12
  • apache2-mod_php7 >= 7.0.7-49.1
  • apache2-mod_php7-debuginfo >= 7.0.7-49.1
  • php7 >= 7.0.7-49.1
  • php7-bcmath >= 7.0.7-49.1
  • php7-bcmath-debuginfo >= 7.0.7-49.1
  • php7-bz2 >= 7.0.7-49.1
  • php7-bz2-debuginfo >= 7.0.7-49.1
  • php7-calendar >= 7.0.7-49.1
  • php7-calendar-debuginfo >= 7.0.7-49.1
  • php7-ctype >= 7.0.7-49.1
  • php7-ctype-debuginfo >= 7.0.7-49.1
  • php7-curl >= 7.0.7-49.1
  • php7-curl-debuginfo >= 7.0.7-49.1
  • php7-dba >= 7.0.7-49.1
  • php7-dba-debuginfo >= 7.0.7-49.1
  • php7-debuginfo >= 7.0.7-49.1
  • php7-debugsource >= 7.0.7-49.1
  • php7-dom >= 7.0.7-49.1
  • php7-dom-debuginfo >= 7.0.7-49.1
  • php7-enchant >= 7.0.7-49.1
  • php7-enchant-debuginfo >= 7.0.7-49.1
  • php7-exif >= 7.0.7-49.1
  • php7-exif-debuginfo >= 7.0.7-49.1
  • php7-fastcgi >= 7.0.7-49.1
  • php7-fastcgi-debuginfo >= 7.0.7-49.1
  • php7-fileinfo >= 7.0.7-49.1
  • php7-fileinfo-debuginfo >= 7.0.7-49.1
  • php7-fpm >= 7.0.7-49.1
  • php7-fpm-debuginfo >= 7.0.7-49.1
  • php7-ftp >= 7.0.7-49.1
  • php7-ftp-debuginfo >= 7.0.7-49.1
  • php7-gd >= 7.0.7-49.1
  • php7-gd-debuginfo >= 7.0.7-49.1
  • php7-gettext >= 7.0.7-49.1
  • php7-gettext-debuginfo >= 7.0.7-49.1
  • php7-gmp >= 7.0.7-49.1
  • php7-gmp-debuginfo >= 7.0.7-49.1
  • php7-iconv >= 7.0.7-49.1
  • php7-iconv-debuginfo >= 7.0.7-49.1
  • php7-imap >= 7.0.7-49.1
  • php7-imap-debuginfo >= 7.0.7-49.1
  • php7-intl >= 7.0.7-49.1
  • php7-intl-debuginfo >= 7.0.7-49.1
  • php7-json >= 7.0.7-49.1
  • php7-json-debuginfo >= 7.0.7-49.1
  • php7-ldap >= 7.0.7-49.1
  • php7-ldap-debuginfo >= 7.0.7-49.1
  • php7-mbstring >= 7.0.7-49.1
  • php7-mbstring-debuginfo >= 7.0.7-49.1
  • php7-mcrypt >= 7.0.7-49.1
  • php7-mcrypt-debuginfo >= 7.0.7-49.1
  • php7-mysql >= 7.0.7-49.1
  • php7-mysql-debuginfo >= 7.0.7-49.1
  • php7-odbc >= 7.0.7-49.1
  • php7-odbc-debuginfo >= 7.0.7-49.1
  • php7-opcache >= 7.0.7-49.1
  • php7-opcache-debuginfo >= 7.0.7-49.1
  • php7-openssl >= 7.0.7-49.1
  • php7-openssl-debuginfo >= 7.0.7-49.1
  • php7-pcntl >= 7.0.7-49.1
  • php7-pcntl-debuginfo >= 7.0.7-49.1
  • php7-pdo >= 7.0.7-49.1
  • php7-pdo-debuginfo >= 7.0.7-49.1
  • php7-pear >= 7.0.7-49.1
  • php7-pear-Archive_Tar >= 7.0.7-49.1
  • php7-pgsql >= 7.0.7-49.1
  • php7-pgsql-debuginfo >= 7.0.7-49.1
  • php7-phar >= 7.0.7-49.1
  • php7-phar-debuginfo >= 7.0.7-49.1
  • php7-posix >= 7.0.7-49.1
  • php7-posix-debuginfo >= 7.0.7-49.1
  • php7-pspell >= 7.0.7-49.1
  • php7-pspell-debuginfo >= 7.0.7-49.1
  • php7-shmop >= 7.0.7-49.1
  • php7-shmop-debuginfo >= 7.0.7-49.1
  • php7-snmp >= 7.0.7-49.1
  • php7-snmp-debuginfo >= 7.0.7-49.1
  • php7-soap >= 7.0.7-49.1
  • php7-soap-debuginfo >= 7.0.7-49.1
  • php7-sockets >= 7.0.7-49.1
  • php7-sockets-debuginfo >= 7.0.7-49.1
  • php7-sqlite >= 7.0.7-49.1
  • php7-sqlite-debuginfo >= 7.0.7-49.1
  • php7-sysvmsg >= 7.0.7-49.1
  • php7-sysvmsg-debuginfo >= 7.0.7-49.1
  • php7-sysvsem >= 7.0.7-49.1
  • php7-sysvsem-debuginfo >= 7.0.7-49.1
  • php7-sysvshm >= 7.0.7-49.1
  • php7-sysvshm-debuginfo >= 7.0.7-49.1
  • php7-tokenizer >= 7.0.7-49.1
  • php7-tokenizer-debuginfo >= 7.0.7-49.1
  • php7-wddx >= 7.0.7-49.1
  • php7-wddx-debuginfo >= 7.0.7-49.1
  • php7-xmlreader >= 7.0.7-49.1
  • php7-xmlreader-debuginfo >= 7.0.7-49.1
  • php7-xmlrpc >= 7.0.7-49.1
  • php7-xmlrpc-debuginfo >= 7.0.7-49.1
  • php7-xmlwriter >= 7.0.7-49.1
  • php7-xmlwriter-debuginfo >= 7.0.7-49.1
  • php7-xsl >= 7.0.7-49.1
  • php7-xsl-debuginfo >= 7.0.7-49.1
  • php7-zip >= 7.0.7-49.1
  • php7-zip-debuginfo >= 7.0.7-49.1
  • php7-zlib >= 7.0.7-49.1
  • php7-zlib-debuginfo >= 7.0.7-49.1
SUSE Linux Enterprise Software Development Kit 12 SP2
  • php7 >= 7.0.7-49.1
  • php7-debuginfo >= 7.0.7-49.1
  • php7-debugsource >= 7.0.7-49.1
  • php7-devel >= 7.0.7-49.1