Description
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
References
- Patch, Vendor Advisory
- Issue Tracking, Vendor Advisory
- Technical Description, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:swoole:swoole:4.0.4:*:*:*:*:*:*:*
EPSS
Percentile: 80%
0.01465
Low
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.