K06420357 : PHP vulnerability CVE-2017-16642

2017-11-1700:00:00

my.f5.com

122

7.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.9%

JSON

Security Advisory Description

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension’s timelib_meridian handling of ‘front of’ and ‘back of’ directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. (CVE-2017-16642)

Impact

There is no impact; F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4
big-ip afmeq11.5.5
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq12.0.0
big-ip afmeq12.1.0
big-ip afmeq12.1.1

Name	Operator	Version
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4
big-ip afm	eq	11.5.5
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	12.0.0
big-ip afm	eq	12.1.0
big-ip afm	eq	12.1.1