CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.026 Low
Percentile: 89.2%

A memory corruption vulnerability was found in PHP's unserialize method.
It occurs during destruction of the deserialized object.

PHP's mysqlnd extension assumes that the flags returned for a BIT field
necessarily contain UNSIGNED_FLAG; this might not be the case with a
rogue MySQL server or a MITM attack. A malicious MySQL server or MITM
can return field metadata for BIT fields that does not contain the
UNSIGNED_FLAG, which leads to a heap overflow.

When WDDX deserializes a "recordset" element, a use-after-free occurs
if the closing tag for the field is not found. This happens only when
field names are set.

The entry.uncompressed_filesize* method does not properly verify the
input parameters. An attacker can create a signature.bin with a size less
than 8; when this value is passed to phar_verify_signature as sig_len, a
heap buffer overflow occurs.

A big locale string causes a stack-based overflow inside libicu.

The return value of spl_array_get_hash_table is not properly checked and
is used in spl_array_get_dimension_ptr_ptr.

An attacker can trigger an out-of-bounds read in php_wddx_push_element
of wddx.c. A DoS (null pointer dereference) vulnerability can be
triggered in the wddx_deserialize function by providing a maliciously
crafted XML string.

www.openwall.com/lists/oss-security/2016/09/15/10
bugs.php.net/bug.php?id=72293
bugs.php.net/bug.php?id=72860
bugs.php.net/bug.php?id=72928
bugs.php.net/bug.php?id=73007
bugs.php.net/bug.php?id=73029
bugs.php.net/bug.php?id=73052
bugs.php.net/bug.php?id=73065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418