KLA10944
Denial of service and arbitrary code execution vulnerabilities in PHP
Обновлено: 17/06/2019
Дата обнаружения
11/01/2017
Уровень угрозы
Critical
Описание

An improper implementation of the SplObjectStorage unserialize in ext/spl/spl_observer.c was found in PHP before 7.0.12. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited remotely via a specially designed serialized data.


Technical details

Vulnerability occurs because an implementation does not verify whether a key is an object or not.

Пораженные продукты

PHP 7.x before 7.0.12

Решение

Update to the latest version
Download PHP

Первичный источник обнаружения
PHP Bug Tracking System
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]
Связанные продукты
PHP
CVE-IDS
CVE-2016-74807.5Critical