// For flags

CVE-2017-5340

php: Use of uninitialized memory in unserialize()

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

9.2%
*EPSS

Affected Versions

3
*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.

Zend/zend_hash.c en PHP en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 no maneja adecuadamente ciertos casos que requieren asignaciones de array grandes, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de enteros, acceso a memoria no inicializada y uso de punteros de la función de destructor arbitrarios) a través de datos serializados manipulados.

USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-01-11 CVE Reserved
  • 2017-01-11 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2025-04-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-190: Integer Overflow or Wraparound
  • CWE-456: Missing Initialization of a Variable
CAPEC
Affected Vendors, Products, and Versions (3)