Published: 16/05/2016 Updated: 22/04/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

Vulnerable Product Search on Vulmon Subscribe to Product

redhat enterprise linux 6.0

redhat enterprise linux 7.0

php php

php php 5.5.0

php php 5.5.1

php php 5.5.2

php php 5.5.3

php php 5.5.4

php php 5.5.5

php php 5.5.6

php php 5.5.7

php php 5.5.8

php php 5.5.9

php php 5.5.10

php php 5.5.11

php php 5.5.12

php php 5.5.13

php php 5.5.14

php php 5.5.15

php php 5.5.16

php php 5.5.17

php php 5.5.18

php php 5.5.19

php php 5.5.20

php php 5.5.21

php php 5.5.22

php php 5.5.23

php php 5.6.0

php php 5.6.1

php php 5.6.2

php php 5.6.3

php php 5.6.4

php php 5.6.5

php php 5.6.6

php php 5.6.7

redhat enterprise linux desktop 7.0

redhat enterprise linux hpc node 7.0

redhat enterprise linux hpc node eus 7.1

redhat enterprise linux server 7.0

redhat enterprise linux server eus 7.1

redhat enterprise linux workstation 7.0

Vendor Advisories

A flaw was discovered in the way PHP performed object unserialization Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code ...
Several security issues were fixed in PHP ...
Oracle Linux Bulletin - January 2016 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are relea ...