KLA10929
Denial of service vulnerability in PHP
Updated: 06/01/2019
Detect date
01/04/2017
Severity
Critical
Description

An improper unserialize implementation in ext/standard/var.c was found in PHP 7.x before 7.0.14. By exploiting this vulnerability, malicious users can cause a denial of service. Other unspecified impacts are also possible. This vulnerability can be exploited remotely via specially crafted serialized data.


Technical details

This vulnerability is a consequence of an incomplete fix for CVE-2015-6834.

Affected products

PHP 7.x before 7.0.14

Solution

Update to the latest version
Download PHP

Original advisories

PHP 7 ChangeLog

Impacts
DoS 
Related products
PHP
CVE-IDS
CVE-2016-9936 7.5 Critical