← voltar
CVE-2016-5773

CVE-2016-5773

EPSS 9.1%
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://github.com/php/php-src/commit/f6aef68089221c5ea047d4a74224ee3deead99a6?w=1http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.htmlhttp://php.net/ChangeLog-5.phphttp://php.net/ChangeLog-7.phphttp://rhn.redhat.com/errata/RHSA-2016-2750.htmlhttps://bugs.php.net/bug.php?id=72434https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731https://support.apple.com/HT207170http://www.debian.org/security/2016/dsa-3618http://www.openwall.com/lists/oss-security/2016/06/23/4http://www.securityfocus.com/bid/91397