CVE-2017-12934

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.6
phpphp
7.0.7
phpphp
7.0.8
phpphp
7.0.9
phpphp
7.0.10
phpphp
7.0.11
phpphp
7.0.12
phpphp
7.0.13
phpphp
7.0.14
phpphp
7.0.15
phpphp
7.0.16
phpphp
7.0.17
phpphp
7.0.18
phpphp
7.0.19
phpphp
7.0.20
phpphp
7.1.0
phpphp
7.1.1
phpphp
7.1.2
phpphp
7.1.3
phpphp
7.1.4
phpphp
7.1.5
phpphp
7.1.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
zesty
dne
xenial
dne
trusty
not-affected
php7.0
zesty
not-affected
xenial
not-affected
trusty
dne
php7.1
zesty
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/100428
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=74101
https://www.debian.org/security/2018/dsa-4080
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/100428
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=74101
https://www.debian.org/security/2018/dsa-4080