CVE-2017-9120
Description
An integer overflow in PHP 7.x through 7.1.5's mysqli_real_escape_string() can lead to a buffer overflow and denial of service via a long string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An integer overflow in PHP 7.x through 7.1.5's mysqli_real_escape_string() can lead to a buffer overflow and denial of service via a long string.
Vulnerability
CVE-2017-9120 is an integer overflow vulnerability in the mysqli_real_escape_string() function in PHP 7.x through 7.1.5 ([1], [2]). The overflow occurs when a very long string is passed to the function, leading to a buffer overflow that crashes the application. The affected versions include PHP 7.0.x and 7.1.x up to and including 7.1.5. The issue was reported in the PHP bug tracker as Bug #74544 [2] and has been fixed in later releases such as PHP 7.1.30 provided in Red Hat Software Collections [1].
Exploitation
An attacker can trigger the vulnerability remotely by providing a crafted long string as input to any application that uses mysqli_real_escape_string(). No special authentication or privileges are required if the application accepts user-supplied data. The attacker must be able to send data to the affected PHP endpoint, and the PHP script must call mysqli_real_escape_string() on that data. The exact string length needed to trigger the integer overflow is not specified, but the bug report [2] indicates that the problem is reproducible with a long string.
Impact
Successful exploitation results in a buffer overflow, causing a denial of service (application crash). The description also mentions the possibility of "unspecified other impact," but no code execution or information disclosure has been confirmed in the available references. The primary impact is a crash of the PHP process, which could lead to a denial of service for the affected web application or service.
Mitigation
The vulnerability was fixed in PHP 7.1.6 and later versions. Red Hat released a patched version rh-php71-php-7.1.30 as part of RHSA-2019:2519 [1]. Users should upgrade to a patched version of PHP (7.1.6 or later). For the Red Hat Software Collections version, the fix is included in rh-php71-php-7.1.30. If upgrading is not immediately possible, avoid using mysqli_real_escape_string() with untrusted long strings or use alternative escaping functions that do not have the overflow issue. No KEV listing was identified.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17- osv-coords16 versionspkg:rpm/opensuse/php7&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweedpkg:rpm/suse/php7&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 7.2.34-150000.4.103.1+ 15 more
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.4.24-1.1
- (no CPE)range: < 8.0.11-1.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.0.7-50.44.1
- (no CPE)range: < 7.2.5-4.6.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.0.7-50.44.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3- access.redhat.com/errata/RHSA-2019:2519mitrevendor-advisoryx_refsource_REDHAT
- bugs.php.net/bug.phpmitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20181107-0003/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.