CVE-2016-7411: Buffer Overflow
First published: Sat Sep 17 2016(Updated: )
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | <=5.6.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2016/09/15/10
- http://www.php.net/ChangeLog-5.php
- http://www.securityfocus.com/bid/93009
- http://www.securitytracker.com/id/1036836
- https://bugs.php.net/bug.php?id=73052
- https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1
- https://security.gentoo.org/glsa/201611-22
Frequently Asked Questions
What is the severity of CVE-2016-7411?
CVE-2016-7411 has a medium severity rating due to its potential to cause denial of service and memory corruption.
How do I fix CVE-2016-7411?
You can fix CVE-2016-7411 by upgrading PHP to version 5.6.26 or later.
What is affected by CVE-2016-7411?
CVE-2016-7411 affects PHP versions earlier than 5.6.26 that handle object deserialization.
What can attackers do with CVE-2016-7411?
Attackers can exploit CVE-2016-7411 to cause a denial of service or potentially execute arbitrary code through object deserialization.
When was CVE-2016-7411 disclosed?
CVE-2016-7411 was disclosed in September 2016.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/references
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/php
- canonical/php
- version/php/5.6.25