CVE-2017-11144
Description
PHP's openssl_seal() function crashes due to unvalidated return value of OpenSSL's EVP_SealInit, passing a negative key length to memcpy.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In PHP versions before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl_seal() function in ext/openssl/openssl.c fails to check the return value of the underlying OpenSSL EVP_SealInit() call. When a crafted or invalid PEM certificate is supplied, EVP_SealInit() can produce a negative value in the envelope key length array (eksl[0]). This negative value is then passed unchecked to memcpy() in zif_openssl_seal(), leading to a crash of the PHP interpreter due to an invalid memory copy operation [1][2][4].
Exploitation
An attacker needs to supply a specially crafted PEM certificate or key that causes EVP_SealInit() to return a negative key length. No authentication is required; the attack can be triggered by calling openssl_seal() with a malicious certificate. The bug is reachable via any PHP application that processes user-supplied PEM data in an openssl_seal() call. The race window is not relevant; the crash occurs deterministically when the malformed input is processed [4].
Impact
Successful exploitation results in a denial of service (crash) of the PHP interpreter. The primary impact is on availability (CIA: A). While arbitrary code execution is not documented, the crash is reliable and can be used to disrupt services relying on PHP's openssl extension [1][2].
Mitigation
PHP versions 5.6.31, 7.0.21, and 7.1.7 (released July 2017) include the fix, which adds a proper check of the return value of EVP_SealInit() before using the key length [1][2]. Users running unpatched versions must upgrade immediately. Red Hat issued an advisory for rh-php70-php (7.0.27) as part of RHSA-2018:1296 [3]. No workaround exists; disabling the openssl extension is not recommended for production. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
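The unchecked-return pattern from the Vulnerability section beside the checked form the fix introduces, as an added C example that is not PHP's or OpenSSL's source. `mock_seal_init`, `unchecked_copy_len` and `checked_seal` are hypothetical names, and the mock's failure behaviour (a negative length left in the output slot) follows the description on this page.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define EK_BUF 256

/* Hypothetical stand-in for a seal-init call: on a bad key it reports
 * failure AND leaves a negative length in the output slot. */
static int mock_seal_init(int key_ok, unsigned char *ek, int *ekl)
{
    if (!key_ok) {
        *ekl = -1;
        return -1;
    }
    memset(ek, 0xAB, 128);   /* constructed "encrypted key" bytes */
    *ekl = 128;
    return 1;
}

/* Unchecked pattern: returns the byte count a memcpy() would be handed.
 * The copy itself is deliberately not performed. */
size_t unchecked_copy_len(int key_ok)
{
    unsigned char ek[EK_BUF];
    int ekl = 0;
    mock_seal_init(key_ok, ek, &ekl);   /* return value ignored */
    return (size_t)ekl;                 /* -1 converts to SIZE_MAX */
}

/* Checked pattern: returns bytes copied, or -1 when the call failed
 * or reported a length that does not fit the buffers. */
int checked_seal(int key_ok, unsigned char *out, size_t out_cap)
{
    unsigned char ek[EK_BUF];
    int ekl = 0;
    if (mock_seal_init(key_ok, ek, &ekl) <= 0)
        return -1;
    if (ekl <= 0 || (size_t)ekl > sizeof ek || (size_t)ekl > out_cap)
        return -1;
    memcpy(out, ek, (size_t)ekl);
    return ekl;
}

int main(void)
{
    unsigned char out[EK_BUF];
    printf("unchecked, bad key: memcpy length = %zu\n", unchecked_copy_len(0));
    printf("checked, bad key:   %d\n", checked_seal(0, out, sizeof out));
    printf("checked, good key:  %d\n", checked_seal(1, out, sizeof out));
    return 0;
}
```

The signed-to-`size_t` conversion is why a length of -1 turns into the largest possible copy size rather than a small or empty copy.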
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:* (range: <=5.6.30)
- cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*
- (no CPE) range: <5.6.31, >=7.0.0 <7.0.21, >=7.1.0 <7.1.7
- osv-coords (9 versions):
  - pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012
  - pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012
  - pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
- (no CPE) range: < 5.3.17-112.5.1
- (no CPE) range: < 5.3.17-112.5.1
- (no CPE) range: < 5.3.17-112.5.1
- (no CPE) range: < 5.5.14-109.5.1
- (no CPE) range: < 5.5.14-109.5.1
- (no CPE) range: < 5.5.14-109.5.1
- (no CPE) range: < 7.0.7-50.9.2
- (no CPE) range: < 7.0.7-50.9.2
- (no CPE) range: < 7.0.7-50.9.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- php.net/ChangeLog-5.php (NVD: Release Notes, Vendor Advisory)
- php.net/ChangeLog-7.php (NVD: Release Notes, Vendor Advisory)
- bugs.php.net/bug.php (NVD: Third Party Advisory)
- openwall.com/lists/oss-security/2017/07/10/6 (NVD: Mailing List)
- git.php.net (NVD)
- git.php.net (NVD)
- git.php.net (NVD)
- access.redhat.com/errata/RHSA-2018:1296 (NVD)
- security.netapp.com/advisory/ntap-20180112-0001/ (NVD)
- www.debian.org/security/2018/dsa-4080 (NVD)
- www.debian.org/security/2018/dsa-4081 (NVD)
- www.tenable.com/security/tns-2017-12 (NVD)
News mentions
No linked articles in our index yet.