CVE-2016-10161

EUVD-2016-1349
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.6.29
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.6
phpphp
7.0.7
phpphp
7.0.8
phpphp
7.0.9
phpphp
7.0.10
phpphp
7.0.11
phpphp
7.0.12
phpphp
7.0.13
phpphp
7.0.14
phpphp
7.1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
Fixed 5.3.10-1ubuntu3.26
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.21
released
xenial
dne
yakkety
dne
php7.0
precise
dne
trusty
dne
xenial
Fixed 7.0.15-0ubuntu0.16.04.2
released
yakkety
Fixed 7.0.15-0ubuntu0.16.10.2
released
Common Weakness Enumeration
References
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.debian.org/security/2017/dsa-3783
http://www.securityfocus.com/bid/95768
http://www.securitytracker.com/id/1037659
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=73825
https://github.com/php/php-src/commit/16b3003ffc6393e250f069aa28a78dc5a2c064b2
https://security.gentoo.org/glsa/201702-29
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.tenable.com/security/tns-2017-04
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.debian.org/security/2017/dsa-3783
http://www.securityfocus.com/bid/95768
http://www.securitytracker.com/id/1037659
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=73825
https://github.com/php/php-src/commit/16b3003ffc6393e250f069aa28a78dc5a2c064b2
https://security.gentoo.org/glsa/201702-29
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.tenable.com/security/tns-2017-04