CVE-2016-10162 – php: Null pointer dereference when unserializing PHP object
https://notcve.org/view.php?id=CVE-2016-10162
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. La función php_wddx_pop_element en ext/wddx/wddx.c en PHP 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un nombre de clase inaplicable en un documento XML wddxPacket, esto lleva a un mal manejo en una llamada la wddx_deserialize. • http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/95668 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73831 https://github.com/php/php-src/commit/8d2539fa0faf3f63e1d1e7635347c5b9e777d47b https://access.redhat.com/security/cve/CVE-2016-10162 https://bugzilla.redhat.com/show_bug.cgi?id=1419012 • CWE-476: NULL Pointer Dereference •
CVE-2016-7479 – php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object
https://notcve.org/view.php?id=CVE-2016-7479
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. En todas las versiones de PHP 7, durante el proceso no serializado, redimensionando las "propiedades" de la tabla hash de un objeto serializado puede conducir a un uso después de liberación de memoria. Un atacante remoto puede explotar este error para obtener ejecución de código arbitraria. • http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf http://www.securityfocus.com/bid/95151 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73092 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.youtube.com/watch?v=LDcaPstAuPk https://access. • CWE-416: Use After Free •
CVE-2016-7480
https://notcve.org/view.php?id=CVE-2016-7480
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. La implementación no serializable SplObjectStorage en ext/spl/spl_observer.c en PHP en versiones anteriores a 7.0.12 no verifica que una clave sea un objeto, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (acceso a memoria no inicializada) a través de datos serializados manipulados. • http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/95152 https://bugs.php.net/bug.php?id=73257 https://github.com/php/php-src/commit/61cdd1255d5b9c8453be71aacbbf682796ac77d4 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.youtube.com/watch?v=LDcaPstAuPk • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7478
https://notcve.org/view.php?id=CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. cccZend/zend_exceptions.c en PHP, posiblemente en 5.x en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un objeto Exception manipulado en datos serializados, un caso relacionado con CVE-2015-8876. • http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf http://www.securityfocus.com/bid/95150 https://bugs.php.net/bug.php?id=73093 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.youtube.com/watch?v=LDcaPstAuPk •
CVE-2017-5340 – php: Use of uninitialized memory in unserialize()
https://notcve.org/view.php?id=CVE-2017-5340
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. Zend/zend_hash.c en PHP en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 no maneja adecuadamente ciertos casos que requieren asignaciones de array grandes, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de enteros, acceso a memoria no inicializada y uso de punteros de la función de destructor arbitrarios) a través de datos serializados manipulados. • http://www.securityfocus.com/bid/95371 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73832 https://github.com/php/php-src/commit/4cc0286f2f3780abc6084bcdae5dce595daa3c12 https://security.netapp.com/advisory/ntap-20180112-0001 https://access.redhat.com/security/cve/CVE-2017-5340 https://bugzilla.redhat.com/show_bug.cgi?id=1412631 • CWE-190: Integer Overflow or Wraparound CWE-456: Missing Initialization of a Variable •