PHP - (bulletinapr2018)ID: oval:org.secpod.oval:def:2102311 | Date: (C)2019-12-31 (M)2022-10-10 |
Class: PATCH | Family: unix |
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension"s timelib_meridian handling of "front of" and "back of" directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
Product: |
web/php-71 |
web/php-56 |