CVE-2016-7480: Buffer Overflow
First published: Wed Jan 11 2017(Updated: )
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
Credit: cve@checkpoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP PHP | >=7.0.0<7.0.11 | |
| NetApp Clustered Data ONTAP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
- http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/95152
- https://bugs.php.net/bug.php?id=73257
- https://github.com/php/php-src/commit/61cdd1255d5b9c8453be71aacbbf682796ac77d4
- https://security.netapp.com/advisory/ntap-20180112-0001/
- https://www.youtube.com/watch?v=LDcaPstAuPk
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/php
- canonical/php php
- version/php php/7.0.0
- vendor/netapp
- canonical/netapp clustered data ontap