CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.4%
Issue Overview:
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480)
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137)
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933)
ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934)
The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834. (CVE-2016-9936)
Affected Packages:
php70
Issue Correction:
Run yum update php70 to update your system.
New Packages:
i686:
php70-pspell-7.0.14-1.20.amzn1.i686
php70-bcmath-7.0.14-1.20.amzn1.i686
php70-mbstring-7.0.14-1.20.amzn1.i686
php70-mysqlnd-7.0.14-1.20.amzn1.i686
php70-7.0.14-1.20.amzn1.i686
php70-mcrypt-7.0.14-1.20.amzn1.i686
php70-imap-7.0.14-1.20.amzn1.i686
php70-intl-7.0.14-1.20.amzn1.i686
php70-xmlrpc-7.0.14-1.20.amzn1.i686
php70-enchant-7.0.14-1.20.amzn1.i686
php70-debuginfo-7.0.14-1.20.amzn1.i686
php70-embedded-7.0.14-1.20.amzn1.i686
php70-zip-7.0.14-1.20.amzn1.i686
php70-dbg-7.0.14-1.20.amzn1.i686
php70-soap-7.0.14-1.20.amzn1.i686
php70-snmp-7.0.14-1.20.amzn1.i686
php70-common-7.0.14-1.20.amzn1.i686
php70-gd-7.0.14-1.20.amzn1.i686
php70-ldap-7.0.14-1.20.amzn1.i686
php70-gmp-7.0.14-1.20.amzn1.i686
php70-cli-7.0.14-1.20.amzn1.i686
php70-devel-7.0.14-1.20.amzn1.i686
php70-tidy-7.0.14-1.20.amzn1.i686
php70-xml-7.0.14-1.20.amzn1.i686
php70-pdo-7.0.14-1.20.amzn1.i686
php70-dba-7.0.14-1.20.amzn1.i686
php70-process-7.0.14-1.20.amzn1.i686
php70-recode-7.0.14-1.20.amzn1.i686
php70-pgsql-7.0.14-1.20.amzn1.i686
php70-pdo-dblib-7.0.14-1.20.amzn1.i686
php70-fpm-7.0.14-1.20.amzn1.i686
php70-opcache-7.0.14-1.20.amzn1.i686
php70-json-7.0.14-1.20.amzn1.i686
php70-odbc-7.0.14-1.20.amzn1.i686
src:
php70-7.0.14-1.20.amzn1.src
x86_64:
php70-embedded-7.0.14-1.20.amzn1.x86_64
php70-json-7.0.14-1.20.amzn1.x86_64
php70-pdo-dblib-7.0.14-1.20.amzn1.x86_64
php70-common-7.0.14-1.20.amzn1.x86_64
php70-intl-7.0.14-1.20.amzn1.x86_64
php70-cli-7.0.14-1.20.amzn1.x86_64
php70-soap-7.0.14-1.20.amzn1.x86_64
php70-pspell-7.0.14-1.20.amzn1.x86_64
php70-xmlrpc-7.0.14-1.20.amzn1.x86_64
php70-zip-7.0.14-1.20.amzn1.x86_64
php70-enchant-7.0.14-1.20.amzn1.x86_64
php70-gd-7.0.14-1.20.amzn1.x86_64
php70-mysqlnd-7.0.14-1.20.amzn1.x86_64
php70-imap-7.0.14-1.20.amzn1.x86_64
php70-recode-7.0.14-1.20.amzn1.x86_64
php70-mcrypt-7.0.14-1.20.amzn1.x86_64
php70-gmp-7.0.14-1.20.amzn1.x86_64
php70-mbstring-7.0.14-1.20.amzn1.x86_64
php70-xml-7.0.14-1.20.amzn1.x86_64
php70-pdo-7.0.14-1.20.amzn1.x86_64
php70-pgsql-7.0.14-1.20.amzn1.x86_64
php70-debuginfo-7.0.14-1.20.amzn1.x86_64
php70-dba-7.0.14-1.20.amzn1.x86_64
php70-process-7.0.14-1.20.amzn1.x86_64
php70-devel-7.0.14-1.20.amzn1.x86_64
php70-fpm-7.0.14-1.20.amzn1.x86_64
php70-ldap-7.0.14-1.20.amzn1.x86_64
php70-bcmath-7.0.14-1.20.amzn1.x86_64
php70-opcache-7.0.14-1.20.amzn1.x86_64
php70-snmp-7.0.14-1.20.amzn1.x86_64
php70-7.0.14-1.20.amzn1.x86_64
php70-odbc-7.0.14-1.20.amzn1.x86_64
php70-tidy-7.0.14-1.20.amzn1.x86_64
php70-dbg-7.0.14-1.20.amzn1.x86_64
Red Hat: CVE-2016-7480, CVE-2016-9137, CVE-2016-9933, CVE-2016-9934, CVE-2016-9935, CVE-2016-9936
Mitre: CVE-2016-7480, CVE-2016-9137, CVE-2016-9933, CVE-2016-9934, CVE-2016-9935, CVE-2016-9936
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | php70-pspell | < 7.0.14-1.20.amzn1 | php70-pspell-7.0.14-1.20.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-bcmath | < 7.0.14-1.20.amzn1 | php70-bcmath-7.0.14-1.20.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-mbstring | < 7.0.14-1.20.amzn1 | php70-mbstring-7.0.14-1.20.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-mysqlnd | < 7.0.14-1.20.amzn1 | php70-mysqlnd-7.0.14-1.20.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70 | < 7.0.14-1.20.amzn1 | php70-7.0.14-1.20.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-mcrypt | < 7.0.14-1.20.amzn1 | php70-mcrypt-7.0.14-1.20.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-imap | < 7.0.14-1.20.amzn1 | php70-imap-7.0.14-1.20.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-intl | < 7.0.14-1.20.amzn1 | php70-intl-7.0.14-1.20.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-xmlrpc | < 7.0.14-1.20.amzn1 | php70-xmlrpc-7.0.14-1.20.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php70-enchant | < 7.0.14-1.20.amzn1 | php70-enchant-7.0.14-1.20.amzn1.i686.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.4%