CVE-2017-12934

EUVD-2017-4458
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.6
phpphp
7.0.7
phpphp
7.0.8
phpphp
7.0.9
phpphp
7.0.10
phpphp
7.0.11
phpphp
7.0.12
phpphp
7.0.13
phpphp
7.0.14
phpphp
7.0.15
phpphp
7.0.16
phpphp
7.0.17
phpphp
7.0.18
phpphp
7.0.19
phpphp
7.0.20
phpphp
7.1.0
phpphp
7.1.1
phpphp
7.1.2
phpphp
7.1.3
phpphp
7.1.4
phpphp
7.1.5
phpphp
7.1.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
trusty
not-affected
xenial
dne
zesty
dne
php7.0
trusty
dne
xenial
not-affected
zesty
not-affected
php7.1
trusty
dne
xenial
dne
zesty
dne
Common Weakness Enumeration
References
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/100428
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=74101
https://www.debian.org/security/2018/dsa-4080
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/100428
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=74101
https://www.debian.org/security/2018/dsa-4080