CVE-2016-7480
11.01.2017, 07:59
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| php | php | 7.0.0 ≤ 𝑥 < 7.0.11 |
| netapp | clustered_data_ontap | - |
𝑥
= Vulnerable software versions
Ubuntu Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| php70 |
| ||
| php70-bcmath |
| ||
| php70-cli |
| ||
| php70-common |
| ||
| php70-dba |
| ||
| php70-dbg |
| ||
| php70-debuginfo |
| ||
| php70-devel |
| ||
| php70-embedded |
| ||
| php70-enchant |
| ||
| php70-fpm |
| ||
| php70-gd |
| ||
| php70-gmp |
| ||
| php70-imap |
| ||
| php70-intl |
| ||
| php70-json |
| ||
| php70-ldap |
| ||
| php70-mbstring |
| ||
| php70-mcrypt |
| ||
| php70-mysqlnd |
| ||
| php70-odbc |
| ||
| php70-opcache |
| ||
| php70-pdo |
| ||
| php70-pdo-dblib |
| ||
| php70-pgsql |
| ||
| php70-process |
| ||
| php70-pspell |
| ||
| php70-recode |
| ||
| php70-snmp |
| ||
| php70-soap |
| ||
| php70-tidy |
| ||
| php70-xml |
| ||
| php70-xmlrpc |
| ||
| php70-zip |
|
Common Weakness Enumeration
References