CVE-2017-6441
HIGHPHP 7.1.2 - Denial of Service via NULL Pointer Dereference in _zval_get_long_func_ex
Title source: llmDescription
The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only.
References (2)
Core 2
Core References
Issue Tracking x_refsource_misc
https://bugs.php.net/bug.php?id=74146
Patch x_refsource_misc
https://github.com/php/php-src/pull/2396
Scores
CVSS v3
7.5
EPSS
0.0042
EPSS Percentile
62.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
php/php
7.1.2
Published
Apr 03, 2017
Tracked Since
Feb 18, 2026