Related Vulnerabilities: CVE-2017-5340  

Severity: High

Remote: Yes

Type: Arbitrary code execution

Description

It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized memory region and can thus be used to trick PHP into operating on faked objects and calling attacker-controlled destructor function pointers, effectively allowing arbitrary code execution via specially crafted serialized data.

| Group | Package | Affected | Fixed | Severity | Status |
|---|---|---|---|---|---|
| AVG-105 | php | 7.0.13-1 | 7.1.1-0 | High | Fixed |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 Jan 2017 | ASA-201701-28 | AVG-105 | php | High | multiple issues |

https://bugs.php.net/bug.php?id=73832