CVE-2016-5773: Use After Free
First published: Sun Aug 07 2016(Updated: )
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP PHP | <=5.5.36 | |
| PHP PHP | =5.6.0-alpha1 | |
| PHP PHP | =5.6.0-alpha2 | |
| PHP PHP | =5.6.0-alpha3 | |
| PHP PHP | =5.6.0-alpha4 | |
| PHP PHP | =5.6.0-alpha5 | |
| PHP PHP | =5.6.0-beta1 | |
| PHP PHP | =5.6.0-beta2 | |
| PHP PHP | =5.6.0-beta3 | |
| PHP PHP | =5.6.0-beta4 | |
| PHP PHP | =5.6.1 | |
| PHP PHP | =5.6.2 | |
| PHP PHP | =5.6.3 | |
| PHP PHP | =5.6.4 | |
| PHP PHP | =5.6.5 | |
| PHP PHP | =5.6.6 | |
| PHP PHP | =5.6.7 | |
| PHP PHP | =5.6.8 | |
| PHP PHP | =5.6.9 | |
| PHP PHP | =5.6.10 | |
| PHP PHP | =5.6.11 | |
| PHP PHP | =5.6.12 | |
| PHP PHP | =5.6.13 | |
| PHP PHP | =5.6.14 | |
| PHP PHP | =5.6.15 | |
| PHP PHP | =5.6.16 | |
| PHP PHP | =5.6.17 | |
| PHP PHP | =5.6.18 | |
| PHP PHP | =5.6.19 | |
| PHP PHP | =5.6.20 | |
| PHP PHP | =5.6.21 | |
| PHP PHP | =5.6.22 | |
| PHP PHP | =5.6.23 | |
| PHP PHP | =7.0.0 | |
| PHP PHP | =7.0.1 | |
| PHP PHP | =7.0.2 | |
| PHP PHP | =7.0.3 | |
| PHP PHP | =7.0.4 | |
| PHP PHP | =7.0.5 | |
| PHP PHP | =7.0.6 | |
| PHP PHP | =7.0.7 | |
| <7.0.8 | 7.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://github.com/php/php-src/commit/f6aef68089221c5ea047d4a74224ee3deead99a6?w=1
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://www.debian.org/security/2016/dsa-3618
- http://www.openwall.com/lists/oss-security/2016/06/23/4
- http://www.securityfocus.com/bid/91397
- https://bugs.php.net/bug.php?id=72434
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://support.apple.com/HT207170
- https://www.php.net/ChangeLog-7.php#7.0.8 (Advisory)
- collector/nvd-index
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/php-changelog
- source/PHP
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/php
- canonical/php php
- version/php php/5.5.36
- version/php php/5.6.0-alpha1
- version/php php/5.6.0-alpha2
- version/php php/5.6.0-alpha3
- version/php php/5.6.0-alpha4
- version/php php/5.6.0-alpha5
- version/php php/5.6.0-beta1
- version/php php/5.6.0-beta2
- version/php php/5.6.0-beta3
- version/php php/5.6.0-beta4
- version/php php/5.6.1
- version/php php/5.6.2
- version/php php/5.6.3
- version/php php/5.6.4
- version/php php/5.6.5
- version/php php/5.6.6
- version/php php/5.6.7
- version/php php/5.6.8
- version/php php/5.6.9
- version/php php/5.6.10
- version/php php/5.6.11
- version/php php/5.6.12
- version/php php/5.6.13
- version/php php/5.6.14
- version/php php/5.6.15
- version/php php/5.6.16
- version/php php/5.6.17
- version/php php/5.6.18
- version/php php/5.6.19
- version/php php/5.6.20
- version/php php/5.6.21
- version/php php/5.6.22
- version/php php/5.6.23
- version/php php/7.0.0
- version/php php/7.0.1
- version/php php/7.0.2
- version/php php/7.0.3
- version/php php/7.0.4
- version/php php/7.0.5
- version/php php/7.0.6
- version/php php/7.0.7