Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA10928
Denial of service vulnerabilities in PHP

Updated: 06/03/2020
Detect date
?
 01/04/2017
Severity
?
 Critical
Description

Multiple serious vulnerabilities have been found in PHP through 5.6.27 and 7.x through 7.0.12. Malicious users can exploit these vulnerabilities to cause a denial of service. Other unspecified impacts are also possible.

Below is a complete list of vulnerabilities:

  1. Mishandling of property modification during __wakeup processing can be exploited remotely via specially designed serialized data to cause a denial of service;
  2. Use-after-free vulnerability in the CURLFile implementation (ext/curl/curl_file.c) can be exploited remotely via specially designed data mishandled while __wakeup processing to cause a denial of service.
Affected products

PHP through 5.6.27
PHP 7.x through 7.0.12
Solution

Update to the latest versions
Download PHP
Original advisories

PHP 5 ChangeLog
PHP 7 ChangeLog
Impacts
?
DoS 
[?]
Related products
 PHP
CVE-IDS
?
CVE-2016-91387.5Critical
CVE-2016-91377.5Critical
Find out the statistics of the vulnerabilities spreading in your region
© 2021 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up