History: Jan 11, 2017 - 6:45 a.m.

CVE-2016-7480

2017-01-11 06:45:00
checkpoint
www.cve.org

AI Score: 9.7 High (Confidence: High)

EPSS: 0.005 Low (Percentile: 75.9%)

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

CNA Affected

[
  {
    "product": "PHP before 7.0.12",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "PHP before 7.0.12"
      }
    ]
  }
]
