KLA10929 Denial of service vulnerability in PHP

2017-01-04T00:00:00
ID KLA10929
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

01/04/2017

Severity:

Critical

Description:

An improper unserialize implementation in ext/standard/var.c was found in PHP 7.x before 7.0.14. By exploiting this vulnerability, malicious users can cause a denial of service. Other unspecified impacts are also possible. This vulnerability can be exploited remotely via specially crafted serialized data.

Affected products:

PHP 7.x before 7.0.14

Solution:

Update to the latest version
Download PHP

Original advisories:

PHP 7 ChangeLog

Impacts:

DoS

Related products:

PHP

CVE-IDS:

CVE-2016-9936 7.5 Critical