CVE-2017-9118

NameCVE-2017-9118
DescriptionPHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)jessie, jessie (lts)5.6.40+dfsg-0+deb8u21vulnerable
php7.0 (PTS)stretch (security)7.0.33-0+deb9u12vulnerable
stretch (lts), stretch7.0.33-0+deb9u19vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5source(unstable)(unfixed)unimportant
php7.0source(unstable)(unfixed)unimportant
php7.1source(unstable)(unfixed)unimportant
php7.2source(unstable)(unfixed)unimportant

Notes

Check for Jessie again as soon as more information are available.
PHP Bug: https://bugs.php.net/bug.php?id=74604
Not treated as a security issue by upstream
[wheezy] - php5 <no-dsa> (not reproducible, further information are missing)

Search for package or bug name: Reporting problems