CVE-2017-9120
moderate-risk
Published 2018-08-02
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an integer overflow in mysqli_real_escape_string.
Do I need to act?
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Fix available
Upgrade to: afe3c74a79137e77750fc683ecb6a526e6845bb1, 55778e127668ded5a75a499b6a818987a3b00864
CVSS 9.8/10 · Critical
NETWORK / LOW complexity
Affected Products (2)
References (6)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2519
Third Party Advisory
https://security.netapp.com/advisory/ntap-20181107-0003/
44 / 100 · moderate-risk
Severity: 32/34 · Critical
Exploitability: 5/34 · Minimal
Exposure: 7/34 · Low