English
Russian
Japanese
LatAm
Türkiye
Brasil
France
Český
Deutschland
KLA10944
Denial of service and arbitrary code execution vulnerabilities in PHP
Updated: 05/22/2020
|
Detect date
?
|
01/11/2017 |
|
Severity
?
|
Critical |
|
Description
|
An improper implementation of the SplObjectStorage unserialize in ext/spl/spl_observer.c was found in PHP before 7.0.12. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited remotely via a specially designed serialized data. Technical details Vulnerability occurs because an implementation does not verify whether a key is an object or not. |
|
Affected products
|
PHP 7.x before 7.0.12 |
|
Solution
|
Update to the latest version |
|
Original advisories
|
|
|
Impacts
?
|
ACE [?] DoS [?] |
|
Related products
|
PHP |
|
CVE-IDS
?
|
|