Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-12932

Опубликовано: 20 фев. 2017
Источник: redhat
CVSS3: 8.1
EPSS Низкий

Описание

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7phpNot affected
Red Hat Software Collectionsrh-php56-phpNot affected
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php70-phpFixedRHSA-2018:129603.05.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-php70-phpFixedRHSA-2018:129603.05.2018
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php70-phpFixedRHSA-2018:129603.05.2018
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php71-phpFixedRHSA-2019:251919.08.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUSrh-php70-phpFixedRHSA-2018:129603.05.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1484837php: Heap use after free in ext/standard/var_unserializer.re

EPSS

Процентиль: 84%
0.02291
Низкий

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-12932

CVSS3: 9.8
ubuntu
около 8 лет назад

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

nvd логотип

CVE-2017-12932

CVSS3: 9.8
nvd
около 8 лет назад

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

debian логотип

CVE-2017-12932

CVSS3: 9.8
debian
около 8 лет назад

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ...

github логотип

GHSA-3w3q-r4qc-93xr

CVSS3: 9.8
github
больше 3 лет назад

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

fstec логотип

BDU:2017-02024

fstec
больше 8 лет назад

Уязвимость в ext/standard/var_unserializer.re гипертекстового процессора PHP, позволяющая нарушителю оказать неопределенное воздействие на целостность данных

EPSS

Процентиль: 84%
0.02291
Низкий

8.1 High

CVSS3