Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-12932

Опубликовано: 18 авг. 2017
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

РелизСтатусПримечание
artful

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

code not present
precise/esm

not-affected

code not present
trusty

not-affected

code not present
trusty/esm

not-affected

code not present
upstream

needs-triage

vivid/ubuntu-core

DNE

xenial

DNE

zesty

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

7.0.25-0ubuntu0.16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

7.0.23
vivid/ubuntu-core

DNE

xenial

released

7.0.25-0ubuntu0.16.04.1

Показывать по

РелизСтатусПримечание
artful

not-affected

7.1.11-0ubuntu0.17.10.1
devel

not-affected

7.1.11-0ubuntu2
esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

7.1.9
vivid/ubuntu-core

DNE

xenial

DNE

zesty

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 84%
0.02291
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-12932

CVSS3: 8.1
redhat
больше 8 лет назад

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

nvd логотип

CVE-2017-12932

CVSS3: 9.8
nvd
около 8 лет назад

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

debian логотип

CVE-2017-12932

CVSS3: 9.8
debian
около 8 лет назад

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ...

github логотип

GHSA-3w3q-r4qc-93xr

CVSS3: 9.8
github
больше 3 лет назад

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

fstec логотип

BDU:2017-02024

fstec
больше 8 лет назад

Уязвимость в ext/standard/var_unserializer.re гипертекстового процессора PHP, позволяющая нарушителю оказать неопределенное воздействие на целостность данных

EPSS

Процентиль: 84%
0.02291
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3