Critical severity9.1NVD Advisory· Published Jul 10, 2017· Updated May 13, 2026

CVE-2017-11147

Description

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

Affected products

NetApp/Clustered Data Ontap
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: <5.6.30

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

openwall.com/lists/oss-security/2017/07/10/6nvdMailing ListPatchThird Party Advisory
bugs.php.net/bug.phpnvdExploitIssue TrackingVendor Advisory
php.net/ChangeLog-5.phpnvdRelease NotesVendor Advisory
php.net/ChangeLog-7.phpnvdRelease NotesVendor Advisory
www.securityfocus.com/bid/99607nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2018:1296nvdThird Party Advisory
security.netapp.com/advisory/ntap-20180112-0001/nvdThird Party Advisory
www.tenable.com/security/tns-2017-12nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000