PublicDateAtUSN: 2017-05-21 19:29:00 UTC
Candidate: CVE-2017-9119
PublicDate: 2017-05-21 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9119
 https://ubuntu.com/security/notices/USN-5300-1
 https://ubuntu.com/security/notices/USN-5300-2
Description:
 The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows
 attackers to cause a denial of service (memory consumption and application
 crash) or possibly have unspecified other impact by triggering crafted
 operations on array data structures.
Ubuntu-Description:
Notes:
 leosilva> unfixed upstream as of 2020-06-23
 rodrigo-zaiden> php7.0 retriage on 2022-02-01 found that upstream fixed it on
  2020-09-03, information is now updated to reflect this.
Bugs:
 https://bugs.php.net/bug.php?id=74593
 https://bugs.php.net/bug.php?id=74310 (main bug)
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_php5:
upstream_php5: not-affected
precise/esm_php5: ignored (end of ESM support, was deferred)
trusty_php5: ignored (reached end-of-life)
trusty/esm_php5: needs-triage
vivid/ubuntu-core_php5: DNE
vivid/stable-phone-overlay_php5: DNE
xenial_php5: DNE
yakkety_php5: DNE
zesty_php5: DNE
artful_php5: DNE
bionic_php5: DNE
cosmic_php5: DNE
disco_php5: DNE
eoan_php5: DNE
focal_php5: DNE
groovy_php5: DNE
hirsute_php5: DNE
impish_php5: DNE
jammy_php5: DNE
devel_php5: DNE

Patches_php7.0:
 upstream: https://github.com/php/php-src/commit/573ad182d21df2457a0a2f6fd3c075e1f0bfca44
upstream_php7.0: needed
precise/esm_php7.0: DNE
trusty_php7.0: DNE
trusty/esm_php7.0: DNE
vivid/ubuntu-core_php7.0: DNE
vivid/stable-phone-overlay_php7.0: DNE
xenial_php7.0: ignored (end of standard support, was deferred)
esm-infra/xenial_php7.0: released (7.0.33-0ubuntu0.16.04.16+esm3)
yakkety_php7.0: ignored (reached end-of-life)
zesty_php7.0: ignored (reached end-of-life)
artful_php7.0: DNE
bionic_php7.0: DNE
cosmic_php7.0: DNE
disco_php7.0: DNE
eoan_php7.0: DNE
focal_php7.0: DNE
groovy_php7.0: DNE
hirsute_php7.0: DNE
impish_php7.0: DNE
jammy_php7.0: DNE
devel_php7.0: DNE

Patches_php7.2:
upstream_php7.2: needs-triage
precise/esm_php7.2: DNE
trusty_php7.2: DNE
trusty/esm_php7.2: DNE
xenial_php7.2: DNE
artful_php7.2: DNE
bionic_php7.2: released (7.2.24-0ubuntu0.18.04.11)
cosmic_php7.2: ignored (reached end-of-life)
disco_php7.2: ignored (reached end-of-life)
eoan_php7.2: DNE
focal_php7.2: DNE
groovy_php7.2: DNE
hirsute_php7.2: DNE
impish_php7.2: DNE
jammy_php7.2: DNE
devel_php7.2: DNE

Patches_php7.4:
upstream_php7.4: needs-triage
trusty_php7.4: DNE
trusty/esm_php7.4: DNE
xenial_php7.4: DNE
bionic_php7.4: DNE
focal_php7.4: released (7.4.3-4ubuntu2.10)
impish_php7.4: DNE
jammy_php7.4: DNE
devel_php7.4: DNE

Patches_php8.0:
upstream_php8.0: needs-triage
trusty_php8.0: DNE
trusty/esm_php8.0: DNE
xenial_php8.0: DNE
bionic_php8.0: DNE
focal_php8.0: DNE
impish_php8.0: not-affected (8.0.8-1ubuntu0.2)
jammy_php8.0: DNE
devel_php8.0: DNE

Patches_php8.1:
upstream_php8.1: needs-triage
trusty_php8.1: DNE
trusty/esm_php8.1: DNE
xenial_php8.1: DNE
bionic_php8.1: DNE
focal_php8.1: DNE
impish_php8.1: DNE
jammy_php8.1: not-affected (8.1.0-1)
devel_php8.1: not-affected (8.1.0-1)