CVE-2016-7479

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.6
phpphp
7.0.7
phpphp
7.0.8
phpphp
7.0.9
phpphp
7.0.10
phpphp
7.0.11
phpphp
7.0.12
phpphp
7.0.14
phpphp
7.1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
Fixed 5.3.10-1ubuntu3.26
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.21
released
xenial
dne
yakkety
dne
php7.0
precise
dne
trusty
dne
xenial
Fixed 7.0.15-0ubuntu0.16.04.2
released
yakkety
Fixed 7.0.15-0ubuntu0.16.10.2
released
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
php70
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-bcmath
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-cli
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-common
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-dba
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-dbg
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-debuginfo
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-devel
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-embedded
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-enchant
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-fpm
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-gd
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-gmp
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-imap
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-intl
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-json
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-ldap
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-mbstring
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-mcrypt
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-mysqlnd
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-odbc
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-opcache
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-pdo
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-pdo-dblib
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-pgsql
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-process
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-pspell
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-recode
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-snmp
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-soap
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-tidy
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-xml
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-xmlrpc
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed
php70-zip
Amazon Linux 1
0:7.0.16-1.21.amzn1
fixed