VYPR
High severity 7.5 · NVD Advisory · Published Jul 10, 2019 · Updated Jun 17, 2026

CVE-2017-7189

Description

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.
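One application-side way to keep the hardcoded port authoritative regardless of PHP version, shown as an added example (not code from PHP or from this advisory): accept only a bare hostname or IP literal before the value reaches fsockopen. The function names `normalize_untrusted_host` and `open_fixed_port` are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return a host string that cannot carry its own port
// or transport prefix, or throw if the input is anything else.
function normalize_untrusted_host(string $host): string
{
    $host = trim($host);

    // A valid IPv4 literal has no room for an embedded ":port".
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return $host;
    }
    // A valid IPv6 literal is passed on in bracketed form.
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
        return '[' . $host . ']';
    }
    // Hostnames: refuse port separators, scheme/path characters, userinfo
    // and whitespace, then require a syntactically valid DNS hostname.
    if (strpbrk($host, ":/[]@ \t\r\n") === false
        && filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        return $host;
    }
    throw new InvalidArgumentException('host must be a bare hostname or IP address');
}

// Hypothetical wrapper: the port is chosen by the application only.
function open_fixed_port(string $untrustedHost, int $port, float $timeout = 5.0)
{
    $host = normalize_untrusted_host($untrustedHost);
    return fsockopen($host, $port, $errno, $errstr, $timeout);
}

// Constructed sample inputs; only the validator runs, no connection is made.
$samples = ['127.0.0.1', '127.0.0.1:80', 'example.com',
            'example.com:8080', 'ssl://example.com', '::1'];
foreach ($samples as $candidate) {
    try {
        $result = normalize_untrusted_host($candidate);
    } catch (InvalidArgumentException $e) {
        $result = 'rejected';
    }
    echo str_pad($candidate, 20), ' -> ', $result, PHP_EOL;
}
```

With this check in place, the `127.0.0.1:80` input from the description is refused before any socket call, so the explicit port argument is the only port that can be used.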

Affected products

  • PHP/PHP (description)
  • PHP/PHP (llm-fuzzy)
    Range: >=7.0.0, <7.0.17 or >=7.1.0, <7.1.3
