logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2016-7417

Description

ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data. #### Bugs * <https://bugs.php.net/bug.php?id=73029>


Affected Package


OS OS Version Package Name Package Version
ubuntu Upstream php5 5.6.26
ubuntu 14.04 php5 5.5.9+dfsg-1ubuntu4.20
ubuntu Upstream php7.0 7.0.11
ubuntu 16.04 php7.0 7.0.8-0ubuntu0.16.04.3

Related