CVSS: 7.5EPSS: 3%CPEs: 17EXPL: 0CVE-2016-10161 – php: Out-of-bounds heap read on unserialize in finish_nested_data()
https://notcve.org/view.php?id=CVE-2016-10161
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. La función object_common1 en ext/standard/var_unserializer.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de búfer y caída de aplicación) a través de datos serializados manipulados que se maneja mal en una llamada finish_nested_data. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.debian.org/security/2017/dsa-3783 http://www.securityfocus.com/bid/95768 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73825 https://github.com/php/php-src/commit/16b3003ffc6393e250f069aa28a78dc5a2c064b2 https://security.gentoo.org/glsa/201702-29 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.tenable.co • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2016-10162 – php: Null pointer dereference when unserializing PHP object
https://notcve.org/view.php?id=CVE-2016-10162
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. La función php_wddx_pop_element en ext/wddx/wddx.c en PHP 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un nombre de clase inaplicable en un documento XML wddxPacket, esto lleva a un mal manejo en una llamada la wddx_deserialize. • http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/95668 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73831 https://github.com/php/php-src/commit/8d2539fa0faf3f63e1d1e7635347c5b9e777d47b https://access.redhat.com/security/cve/CVE-2016-10162 https://bugzilla.redhat.com/show_bug.cgi?id=1419012 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 1CVE-2016-7479 – php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object
https://notcve.org/view.php?id=CVE-2016-7479
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. En todas las versiones de PHP 7, durante el proceso no serializado, redimensionando las "propiedades" de la tabla hash de un objeto serializado puede conducir a un uso después de liberación de memoria. Un atacante remoto puede explotar este error para obtener ejecución de código arbitraria. • http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf http://www.securityfocus.com/bid/95151 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73092 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.youtube.com/watch?v=LDcaPstAuPk https://access. • CWE-416: Use After Free •
CVSS: 9.8EPSS: 48%CPEs: 3EXPL: 1CVE-2017-5340 – php: Use of uninitialized memory in unserialize()
https://notcve.org/view.php?id=CVE-2017-5340
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. Zend/zend_hash.c en PHP en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 no maneja adecuadamente ciertos casos que requieren asignaciones de array grandes, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de enteros, acceso a memoria no inicializada y uso de punteros de la función de destructor arbitrarios) a través de datos serializados manipulados. • http://www.securityfocus.com/bid/95371 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73832 https://github.com/php/php-src/commit/4cc0286f2f3780abc6084bcdae5dce595daa3c12 https://security.netapp.com/advisory/ntap-20180112-0001 https://access.redhat.com/security/cve/CVE-2017-5340 https://bugzilla.redhat.com/show_bug.cgi?id=1412631 • CWE-190: Integer Overflow or Wraparound CWE-456: Missing Initialization of a Variable •
CVSS: 9.6EPSS: 0%CPEs: 13EXPL: 1CVE-2015-8866 – php: libxml_disable_entity_loader setting is shared between threads
https://notcve.org/view.php?id=CVE-2015-8866
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. ext/libxml/libxml.c en PHP en versiones anteriores a 5.5.22 y 5.6.x en versiones anteriores a 5.6.6, cuando se utiliza PHP-FPM, no aisla cada hilo de cambios libxml_disable_entity_loader en otros hilos, lo que permite a atacantes remotos llevar a cabo ataques XML External Entity (XXE) y XML Entity Expansion (XEE) a través de un documento XML manipulado, un problema relacionado con la CVE-2015-5161. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2016/04/24/1 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/ • CWE-611: Improper Restriction of XML External Entity Reference •