CVE-2017-11143
PUBLISHED
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.
Risk Scores
EPSS Score: 9.82% · 93.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | php5 | 0, 5.5.3+dfsg-1ubuntu2, 5.5.6+dfsg-1ubuntu1 |
Timeline
- Jul 10, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- May 30, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jun 21, 2025 EPSS Score
- Jul 1, 2025 EPSS Score
- Jul 4, 2025 EPSS Score
- Jul 30, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-11143 third-party-advisory
- http://openwall.com/lists/oss-security/2017/07/10/6 third-party-advisory
- http://php.net/ChangeLog-5.php third-party-advisory
- https://ubuntu.com/security/notices/USN-3382-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3382-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-11143 third-party-advisory