Published: 11/01/2017 Updated: 20/07/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP prior to 7.0.12 does not verify that a key is an object, which allows remote malicious users to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
netapp clustered data ontap -

The SplObjectStorage unserialize implementation in ext/spl/spl_observerc in PHP before 7012 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implement ...

The SplObjectStorage unserialize implementation in ext/spl/spl_observerc in PHP before 7012 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data ...

CWE-119 https://www.youtube.com/watch?v=LDcaPstAuPk https://github.com/php/php-src/commit/61cdd1255d5b9c8453be71aacbbf682796ac77d4 https://bugs.php.net/bug.php?id=73257 http://php.net/ChangeLog-7.php http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://www.securityfocus.com/bid/95152 https://security.netapp.com/advisory/ntap-20180112-0001/https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2017-788.html

CVE-2016-7480

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect