Описание
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | code not present |
| precise/esm | not-affected | code not present |
| trusty | not-affected | code not present |
| trusty/esm | not-affected | code not present |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| zesty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 7.0.22-0ubuntu0.16.04.1 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.0.21 |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | 7.0.22-0ubuntu0.16.04.1 |
| zesty | not-affected | 7.0.22-0ubuntu0.17.04.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 7.1.8-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.1.7 |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| zesty | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ...
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
Уязвимость компонента ext/standard/var_unserializer.re интерпретатора языка программирования PHP, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
5 Medium
CVSS2
7.5 High
CVSS3