Описание
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-7479
- https://access.redhat.com/errata/RHSA-2018:1296
- https://bugs.php.net/bug.php?id=73092
- https://security.netapp.com/advisory/ntap-20180112-0001
- https://www.youtube.com/watch?v=LDcaPstAuPk
- http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
- http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
- http://www.securityfocus.com/bid/95151
- http://www.securitytracker.com/id/1037659
Связанные уязвимости
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
In all versions of PHP 7, during the unserialization process, resizing ...
Уязвимость интерпретатора PHP, позволяющая нарушителю выполнить произвольный код