CVE-2017-12934

2017-08-1803:29:00

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.6%

JSON

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

CPENameOperatorVersion
php-srceqphp-7.0.17RC1
php-srceqphp-5.6.19RC1
php-srceqphp-7.0.12RC1
php-srceqphp-7.1.3RC1
php-srceqphp-7.0.0RC7
php-srceqphp-7.0.14RC1
php-srceqphp-7.0.15
php-srceqPRE_PHPNG_MERGE
php-srceqphp-7.0.7
php-srceqphp-5.4.30RC1

Name	Operator	Version
php-src	eq	php-7.0.17RC1
php-src	eq	php-5.6.19RC1
php-src	eq	php-7.0.12RC1
php-src	eq	php-7.1.3RC1
php-src	eq	php-7.0.0RC7
php-src	eq	php-7.0.14RC1
php-src	eq	php-7.0.15
php-src	eq	PRE_PHPNG_MERGE
php-src	eq	php-7.0.7
php-src	eq	php-5.4.30RC1