Описание
Multiple serious vulnerabilities have been found in PHP through 5.6.27 and 7.x through 7.0.12. Malicious users can exploit these vulnerabilities to cause a denial of service. Other unspecified impacts are also possible.
Below is a complete list of vulnerabilities:
- Mishandling of property modification during __wakeup processing can be exploited remotely via specially designed serialized data to cause a denial of service;
- Use-after-free vulnerability in the CURLFile implementation (ext/curl/curl_file.c) can be exploited remotely via specially designed data mishandled while __wakeup processing to cause a denial of service.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2016-9138 critical
- CVE-2016-9137 critical
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!