CVE-2016-9137

Published: 04/01/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP prior to 5.6.27 and 7.x prior to 7.0.12 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.

Vulnerable Product

php php 7.0.11

php php 7.0.4

php php 7.0.3

php php 7.0.1

php php 7.0.7

php php

php php 7.0.2

php php 7.0.9

php php 7.0.8

php php 7.0.5

php php 7.0.10

php php 7.0.0

php php 7.0.6

Vendor Advisories

Several security issues were fixed in PHP ...
USN-3211-1 introduced a regression in PHP ...
Several security issues were fixed in PHP ...
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data (CVE-2016-7480). Use-after-free vulnerability in the CURLFile implement ...
A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy(). An attacker could create a crafted image that would lead to a crash or, potentially, code execution (CVE-2016-8670). Use-after-free vulnera ...
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing ...
SecurityCenter has recently been discovered to have several vulnerabilities. Two were reported by external parties while the rest were discovered during internal testing. Note that the library vulnerabilities were not fully diagnosed so SecurityCenter may or may not be impacted. Tenable opted to upgrade the libraries as it was more efficient. Detai ...