{"id":"CVE-2017-9118","details":"PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.","modified":"2026-04-16T04:32:46.598921706Z","published":"2018-08-02T15:29:00.230Z","related":["SUSE-SU-2018:2640-1","SUSE-SU-2018:2681-1","SUSE-SU-2018:2682-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2519"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20181107-0003/"},{"type":"REPORT","url":"https://bugs.php.net/bug.php?id=74604"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"3c7824e16ec4c3cee417262445d2c2b66531c10f"},{"fixed":"96f753a2b56b7c4927f1a64253ca60bb481ee2c3"},{"introduced":"5dc92c2117cafc61daaaaa240fd46c3ac33872a4"},{"fixed":"9b4a6e9b1be6e6af4eff97dcb5b8b8c24c8c00ea"},{"introduced":"381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115"},{"fixed":"e2a082c4a94bc62dfc1d2119d4ce3301632bdfdb"},{"introduced":"0"},{"last_affected":"5d08c710749096291e294afd641e4429760c6c6e"}],"database_specific":{"versions":[{"introduced":"7.4.0"},{"fixed":"7.4.27"},{"introduced":"8.0.0"},{"fixed":"8.0.14"},{"introduced":"8.1.0"},{"fixed":"8.1.1"},{"introduced":"0"},{"last_affected":"7.1.5"}]}}],"versions":["POST_64BIT_BRANCH_MERGE","POST_AST_MERGE","POST_PHP7_NSAPI_REMOVAL","POST_PHP7_REMOVALS","POST_PHPNG_MERGE","PRE_64BIT_BRANCH_MERGE","PRE_AST_MERGE","PRE_PHP7_EREG_MYSQL_REMOVALS","PRE_PHP7_NSAPI_REMOVAL","PRE_PHP7_REMOVALS","php-7.1.5","php-7.1.5RC1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9118.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}