Critical severity 9.1 · NVD Advisory · Published Jul 10, 2017 · Updated Jun 17, 2026
CVE-2017-11147
Description
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
Affected products (12)
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- osv-coords (9 versions):
  - pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 5.3.17-112.5.1
  - pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 5.3.17-112.5.1
  - pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 5.3.17-112.5.1
  - pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 (no CPE), range: < 5.5.14-109.5.1
  - pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (no CPE), range: < 5.5.14-109.5.1
  - pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE), range: < 5.5.14-109.5.1
  - pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 (no CPE), range: < 7.0.7-50.9.2
  - pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (no CPE), range: < 7.0.7-50.9.2
  - pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE), range: < 7.0.7-50.9.2
References (9)
- openwall.com/lists/oss-security/2017/07/10/6 (nvd: Mailing List, Patch, Third Party Advisory)
- bugs.php.net/bug.php (nvd: Exploit, Issue Tracking, Vendor Advisory)
- php.net/ChangeLog-5.php (nvd: Release Notes, Vendor Advisory)
- php.net/ChangeLog-7.php (nvd: Release Notes, Vendor Advisory)
- www.securityfocus.com/bid/99607 (nvd: Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2018:1296 (nvd: Third Party Advisory)
- security.netapp.com/advisory/ntap-20180112-0001/ (nvd: Third Party Advisory)
- www.tenable.com/security/tns-2017-12 (nvd: Third Party Advisory)
- git.php.net (nvd)