
exploitDog

CVE-2016-7480

Published: 11 Jan 2017
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 7.5
CVSS3: 9.8

Description

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 5.5.9+dfsg-1ubuntu4.20 |
| precise | not-affected | 5.3.10-1ubuntu3.25 |
| trusty | not-affected | 5.5.9+dfsg-1ubuntu4.20 |
| trusty/esm | not-affected | 5.5.9+dfsg-1ubuntu4.20 |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| yakkety | DNE | |

| Release | Status | Note |
|---|---|---|
| devel | not-affected | 7.0.14-2ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 7.0.13-0ubuntu0.16.04.1 |
| precise | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.0.12 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | 7.0.13-0ubuntu0.16.04.1 |

EPSS: 0.03611 (Low), percentile: 87%

CVSS2: 7.5 High

CVSS3: 9.8 Critical

Related vulnerabilities

CVSS3: 8.1
redhat
more than 9 years ago

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

CVSS3: 9.8
nvd
about 9 years ago

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

CVSS3: 9.8
debian
about 9 years ago

The SplObjectStorage unserialize implementation in ext/spl/spl_observe ...

CVSS3: 9.8
github
more than 3 years ago

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

fstec
about 9 years ago

Vulnerability in the implementation of the SplObjectStorage service in ext/spl/spl_observer.c of the PHP interpreter, allowing an attacker to cause a denial of service or execute arbitrary code
