{"id":"CVE-2017-7189","details":"main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.","modified":"2026-04-11T04:59:51.171136Z","published":"2019-07-10T15:15:11.163Z","references":[{"type":"REPORT","url":"https://bugs.php.net/bug.php?id=74192"},{"type":"FIX","url":"https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"60fffd296abce5fc071f3c173c25a2696cf683c6"},{"fixed":"37eb1e4d92db3cf3f92910f27216550c0b0a9982"},{"fixed":"bab0b99f376dac9170ac81382a5ed526938d595a"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"fixed":"7.0.16"}]}}],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:59:51Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7189.json","vanir_signatures":[{"id":"CVE-2017-7189-0367c050","deprecated":false,"target":{"file":"main/streams/xp_socket.c","function":"parse_ip_address_ex"},"signature_version":"v1","source":"https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a","signature_type":"Function","digest":{"function_hash":"25954418537993354906810679751706881010","length":813}},{"id":"CVE-2017-7189-dd7e2968","deprecated":false,"target":{"file":"main/streams/xp_socket.c"},"signature_version":"v1","source":"https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a","signature_type":"Line","digest":{"line_hashes":["96925839583532923982964231240844440937","58623572596228789776196651253671782112","135633014013098575755473646959568394835","166067641592944639392872254756214638324","100267658189387310072607059763441990347","327358159792768892130981194478376054044","851378121682662920468238894861988364","314577343906733442472633894765041464525","290488536648167433946729631960172792882","304277819284939497559048954425926759404","45361655755660409058900151378956781579","98380177259299385082119401059192850571","140857132125336533406313044813972857154","138930420433345886720982775165105305311","129429535438291653056969661213468792129","150705046247528685625465905092658606036","98721154362060048170613768024767904140","186325265072741337767185550146872526890","258922995148387736732108437600871178305","295665630112481776732720450406535204466","177770387157668607946762550750247977680","215979603786398871912267452495927398013","58699980153549850152597795615477593300","179313615582318253927815754520587468813","76616369875822220412912373158154491791","42934769745497914088808172732736984029","45502358789397159925983817023527663213","279942236296071536843151426932711459991","76307502023617010035481115789412140546","6548854012503520523054358386376574142","126808480897197276431818706293417770633"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}