CVE-2017-12932

EUVD-2017-4456
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.6
phpphp
7.0.7
phpphp
7.0.8
phpphp
7.0.9
phpphp
7.0.10
phpphp
7.0.11
phpphp
7.0.12
phpphp
7.0.13
phpphp
7.0.14
phpphp
7.0.15
phpphp
7.0.16
phpphp
7.0.17
phpphp
7.0.18
phpphp
7.0.19
phpphp
7.0.20
phpphp
7.0.21
phpphp
7.0.22
phpphp
7.1.0
phpphp
7.1.1
phpphp
7.1.2
phpphp
7.1.3
phpphp
7.1.4
phpphp
7.1.5
phpphp
7.1.6
phpphp
7.1.7
phpphp
7.1.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
artful
dne
trusty
not-affected
xenial
dne
zesty
dne
php7.0
artful
dne
trusty
dne
xenial
Fixed 7.0.25-0ubuntu0.16.04.1
released
zesty
ignored
php7.1
artful
not-affected
trusty
dne
xenial
dne
zesty
dne
Common Weakness Enumeration
References
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/100427
https://access.redhat.com/errata/RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=74103
https://github.com/php/php-src/commit/1a23ebc1fff59bf480ca92963b36eba5c1b904c4
https://security.gentoo.org/glsa/201709-21
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.debian.org/security/2018/dsa-4080
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/100427
https://access.redhat.com/errata/RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=74103
https://github.com/php/php-src/commit/1a23ebc1fff59bf480ca92963b36eba5c1b904c4
https://security.gentoo.org/glsa/201709-21
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.debian.org/security/2018/dsa-4080