Description

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.

Remediation

References

CVE-2017-11142

Related Vulnerabilities

Perl Out-of-bounds Write Vulnerability (CVE-2018-6913)

WordPress Plugin Simple Slideshow Manager Multiple Cross-Site Scripting Vulnerabilities (2.3)

Drupal Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-13670)

PrestaShop Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-21302)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000863)

Severity

High

Classification

CVE-2017-11142 CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities