Lucene search
+L

28 matches found

Hacker One
Hacker One
added 2017/08/18 1:24 p.m.49 views

Internet Bug Bounty: Heap Use After Free in unserialize()

ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. This...

5CVSS8.8AI score0.03634EPSS
Exploits0
Prion
Prion
added 2017/08/18 3:29 a.m.23 views

Design/Logic Flaw

ext/standard/varunserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...

7.5CVSS9.6AI score0.0742EPSS
Exploits0References9Affected Software1
UbuntuCve
UbuntuCve
added 2017/08/18 3:29 a.m.28 views

CVE-2017-12934

ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP...

7.5CVSS7.2AI score0.03634EPSS
Exploits0References2
OSV
OSV
added 2017/08/18 3:29 a.m.27 views

CVE-2017-12932

ext/standard/varunserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...

9.8CVSS6.9AI score
Exploits0References9
Debian CVE
Debian CVE
added 2017/08/18 3:0 a.m.47 views

CVE-2017-12934

Removed by vendor...

7.5CVSS8.6AI score0.03634EPSS
Exploits0
CVE
CVE
added 2017/08/18 3:0 a.m.132 views

CVE-2017-12934

PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 are vulnerable to a heap use-after-free in unserializing untrusted data, specifically in ext/standard/var_unserializer.re, tied to the zval_get_type function in Zend/zend_types.h. Exploitation can impact PHP integrity (official CVE description: CVE-2...

7.5CVSS8.5AI score0.03634EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/05/25 12:0 a.m.96 views

PHP 7.1.x < 7.1.5 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.5. It is, therefore, affected by the following vulnerabilities : - A memory allocation issue exists in the zendstringextend function in file Zend/zendstring.h when concatenating strings due to a...

9.8CVSS7.1AI score0.07191EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2017/01/26 12:0 a.m.198 views

PHP 7.1.x < 7.1.1 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.1. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that is triggered when handling unserialized object properties. An unauthenticated, remote attacker c...

9.8CVSS7.7AI score0.41943EPSS
Exploits4References9
Rows per page
Query Builder