Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201701-28
HistoryJan 19, 2017 - 12:00 a.m.

[ASA-201701-28] php: multiple issues

2017-01-1900:00:00
security.archlinux.org
13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.487 Medium

EPSS

Percentile

97.5%

JSON

Arch Linux Security Advisory ASA-201701-28

Severity: High
Date : 2017-01-19
CVE-ID : CVE-2016-9935 CVE-2016-9936 CVE-2017-5340
Package : php
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-105

Summary

The package php before version 7.1.1-0 is vulnerable to multiple issues
including arbitrary code execution and denial of service.

Resolution

Upgrade to 7.1.1-0.

pacman -Syu “php>=7.1.1-0”

The problems have been fixed upstream in version 7.1.1.

Workaround

None.

Description

  • CVE-2016-9935 (denial of service)

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before
5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial
of service (out-of-bounds read and memory corruption) or possibly have
unspecified other impact via an empty boolean element in a wddxPacket
XML document.

  • CVE-2016-9936 (arbitrary code execution)

The unserialize implementation in ext/standard/var.c in PHP 7.x before
7.0.14 allows remote attackers to cause a denial of service (use-after-
free) or possibly execute arbitrary code via crafted serialized data.

  • CVE-2017-5340 (arbitrary code execution)

It was found that PHP uses uninitialized memory during calls to
unserialize(). The payload supplied to unserialize() may control
this uninitialized memory region and thus may be used to trick PHP into
operating on faked objects and calling attacker controlled destructor
function pointers, effectively allowing arbitrary code execution via
specially crafted serialized data.

Impact

A remote attacker is able to use specially crafted input to perform a
denial of service attack or execute arbitrary code on the affected
host.

References

http://www.openwall.com/lists/oss-security/2016/12/12/2
https://bugs.php.net/bug.php?id=73631
https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
http://seclists.org/oss-sec/2016/q4/658
https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
https://bugs.php.net/bug.php?id=72978
https://bugs.php.net/bug.php?id=73832
https://security.archlinux.org/CVE-2016-9935
https://security.archlinux.org/CVE-2016-9936
https://security.archlinux.org/CVE-2017-5340

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyphp< 7.1.1-0UNKNOWN

Related

nessus 33
freebsd 1
openvas 12
cve 3
veracode 4
prion 3
kaspersky 2
osv 4
ubuntucve 3
debiancve 3
zdt 1
redhatcve 3
debian 3
seebug 1
f5 1
hackerone 1
checkpoint_advisories 1
ubuntu 3
mageia 1
ibm 1
amazon 3
attackerkb 2
slackware 1
gentoo 1
redhat 1
cloudfoundry 1
suse 2
apple 2
rosalinux 1
nessus
nessus
PHP 7.0.x < 7.0.14 Multiple Vulnerabilities
2016-12-15 00:00:00
FreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)
2017-01-03 00:00:00
SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0017-1)
2019-01-02 00:00:00
freebsd
freebsd
PHP -- multiple vulnerabilities
2016-12-08 00:00:00
openvas
openvas
Debian Security Advisory DSA 3737-1 (php5 - security update)
2016-12-16 00:00:00
Debian Security Advisory DSA 3737-1 (php5 - security update)
2016-12-16 00:00:00
Ubuntu Update for php7.0 USN-3211-1
2017-02-24 00:00:00
cve
cve
CVE-2016-9935
2017-01-04 20:59:00
CVE-2017-5340
2017-01-11 06:59:00
CVE-2016-9936
2017-01-04 20:59:00
veracode
veracode
Use After Free
2019-05-16 02:59:59
Out-Of-Bounds Read
2019-05-16 02:59:58
Remote Code Execution (RCE)
2019-05-16 02:59:59
prion
prion
Out-of-bounds
2017-01-04 20:59:00
Integer overflow
2017-01-11 06:59:00
Design/Logic Flaw
2017-01-04 20:59:00
kaspersky
kaspersky
KLA10930 Denial of service vulnerability in PHP
2017-01-04 00:00:00
KLA10929 Denial of service vulnerability in PHP
2017-01-04 00:00:00
osv
osv
CVE-2016-9935
2017-01-04 20:59:00
CVE-2017-5340
2017-01-11 06:59:00
CVE-2016-9936
2017-01-04 20:59:00
ubuntucve
ubuntucve
CVE-2016-9935
2017-01-04 00:00:00
CVE-2017-5340
2017-01-11 00:00:00
CVE-2016-9936
2017-01-04 00:00:00
debiancve
debiancve
CVE-2016-9935
2017-01-04 20:59:00
CVE-2017-5340
2017-01-11 06:59:00
CVE-2016-9936
2017-01-04 20:59:00
zdt
zdt
PHP 7.0.13 Use After Free unserialize() PoC Exploit
2016-12-13 00:00:00
redhatcve
redhatcve
CVE-2016-9935
2016-12-14 14:17:24
CVE-2017-5340
2017-01-12 14:17:41
CVE-2016-9936
2016-12-14 14:47:50
debian
debian
[SECURITY] [DSA 3737-1] php5 security update
2016-12-16 21:30:04
[SECURITY] [DSA 3737-1] php5 security update
2016-12-16 21:30:04
[SECURITY] [DLA 818-1] php5 security update
2017-02-07 16:25:20
seebug
seebug
PHP Use of uninitialized memory in unserialize() (CVE-2017-5340)
2017-01-12 00:00:00
f5
f5
K82907233 : PHP vulnerability CVE-2017-5340
2017-03-08 00:00:00
hackerone
hackerone
Internet Bug Bounty: Use of uninitialized memory in unserialize()
2017-01-05 11:24:39
checkpoint_advisories
checkpoint_advisories
PHP zend_hash_destroy Uninitialized Pointer Code Execution (CVE-2017-5340)
2017-02-26 00:00:00
ubuntu
ubuntu
PHP regression
2017-03-02 00:00:00
PHP vulnerabilities
2017-02-23 00:00:00
PHP vulnerabilities
2017-02-14 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2016-12-23 00:41:01
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by php5 vulnerabilities (CVE-2016-9933, CVE-2016-9935)
2018-06-18 01:35:18
amazon
amazon
Medium: php70
2017-01-26 18:00:00
Medium: php56
2017-01-26 18:00:00
Medium: php70
2017-03-29 20:15:00
attackerkb
attackerkb
CVE-2020-14933
2020-06-20 00:00:00
CVE-2020-14932
2020-06-20 00:00:00
slackware
slackware
[slackware-security] php
2016-12-12 23:11:02
gentoo
gentoo
PHP: Multiple vulnerabilities
2017-02-21 00:00:00
redhat
redhat
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11
cloudfoundry
cloudfoundry
Multiple PHP vulnerabilities | Cloud Foundry
2017-03-17 00:00:00
suse
suse
Security update for php7 (important)
2017-02-22 15:08:24
Security update for php7 (important)
2017-03-02 15:12:04
apple
apple
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support
2017-08-29 02:52:03
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
2017-03-27 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.487 Medium

EPSS

Percentile

97.5%

JSON
Related for ASA-201701-28
nessus33freebsd1openvas12cve3veracode4prion3kaspersky2osv4ubuntucve3debiancve3zdt1redhatcve3debian3seebug1f51hackerone1checkpoint_advisories1ubuntu3mageia1ibm1amazon3attackerkb2slackware1gentoo1redhat1cloudfoundry1suse2apple2rosalinux1