CVE-2016-7478
https://notcve.org/view.php?id=CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. cccZend/zend_exceptions.c en PHP, posiblemente en 5.x en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un objeto Exception manipulado en datos serializados, un caso relacionado con CVE-2015-8876. • http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf http://www.securityfocus.com/bid/95150 https://bugs.php.net/bug.php?id=73093 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.youtube.com/watch?v=LDcaPstAuPk •
CVE-2016-9137
https://notcve.org/view.php?id=CVE-2016-9137
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. Vulnerabilidad de uso después de liberación de memoria en la implementación de CURLFile en ext/curl/curl_file.c en PHP en versiones anteriores a 5.6.27 y 7.x en versiones anteriores a 7.0.12 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de datos serializados manipulados que no maneja adecuadamente durante el procesamiento de __wakeup. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0e6fe3a4c96be2d3e88389a5776f878021b4c59f http://www.debian.org/security/2016/dsa-3698 http://www.openwall.com/lists/oss-security/2016/11/01/2 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/93577 https://bugs.php.net/bug.php?id=73147 https://www.tenable.com/security/tns-2016-19 • CWE-416: Use After Free •
CVE-2016-9138
https://notcve.org/view.php?id=CVE-2016-9138
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. PHP hasta la versión 5.6.27 y 7.x hasta la versión 7.0.12 no maneja adecuadamente la modificación de propiedades durante el procesamiento de __wakeup, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de datos serializados manipulados como se demuestra por Exception::__toString con DateInterval::__wakeup. • http://www.openwall.com/lists/oss-security/2016/11/01/2 http://www.securityfocus.com/bid/95268 https://bugs.php.net/bug.php?id=73147 • CWE-416: Use After Free •
CVE-2016-9935 – php: Invalid read when wddx decodes empty boolean element
https://notcve.org/view.php?id=CVE-2016-9935
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. La función php_wddx_push_element en ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.29 y 7.x en versiones anteriores a 7.0.14 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango y corrupción de memoria) o posiblemente tener otro impacto no especificado de un elemento booleano vacío en un documento wddxPacket XML. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html http://www.debian.org/security/2016/dsa-3737 http://www.openwall.com/lists/oss-security/2016/12/12/2 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/94846 https://access.redhat.com/errata/RHSA-2018:1296 https://bug • CWE-125: Out-of-bounds Read •
CVE-2016-9933 – gd: Stack overflow in gdImageFillToBorder on truecolor images
https://notcve.org/view.php?id=CVE-2016-9933
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. Vulnerabilidad de consumo de pila en la función gdImageFillToBorder en gd.c en la GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.2, como se utiliza en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13, permite a atacantes remotos provocar una denegación de servicio (violación de segmentación) a través de una llamada imagefilltoborder manipulada que desencadena el uso de un valor de color negativo. An infinite recursion flaw was found in the gdImageFillToBorder() function from the gd library; also used by PHP imagefilltoborder() function, when passing a negative integer as the color parameter, triggering a stack overflow. A remote attacker with ability to force a negative color identifier when calling the function could crash the PHP application, causing a Denial of Service. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html http://www.debian.org/security/2017/dsa-3751 http://www.openwall.com/lists/oss-security/2016/12/12/2 http://www.php.net/ChangeLog-5.php http://www.p • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •