Vulnerability CVE-2016-7478


Published: 2017-01-11   Modified: 2017-01-27

Description:
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.

Vendor: PHP
Product: PHP 
Version:
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.12
7.0.11
7.0.10
7.0.1
7.0.0
5.6.27
5.6.26
5.6.25
5.6.24
5.6.23
5.6.22
5.6.21
5.6.20
5.6.2
5.6.19
5.6.18
5.6.17
5.6.16
5.6.15
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.1
5.6.0
5.5.9
5.5.8
5.5.7
5.5.6
5.5.5
5.5.4
5.5.37
5.5.36
5.5.35
5.5.34
5.5.33
5.5.32
5.5.31
5.5.30
5.5.3
5.5.29
5.5.28
5.5.27
5.5.26
5.5.25
5.5.24
5.5.23
5.5.22
5.5.21
5.5.20
5.5.2
5.5.19
5.5.18
5.5.14
5.5.13
5.5.12
5.5.11
5.5.10
5.5.1
5.5.0
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.45
5.4.44
5.4.43
5.4.42
5.4.41
5.4.4
5.4.39
5.4.38
5.4.37
5.4.35
5.4.34
5.4.30
5.4.3
5.4.29
5.4.28
5.4.27
5.4.26
5.4.25
5.4.24
5.4.23
5.4.22
5.4.21
5.4.20
5.4.2
5.4.19
5.4.18
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
http://www.securityfocus.com/bid/95150
https://bugs.php.net/bug.php?id=73093
https://www.youtube.com/watch?v=LDcaPstAuPk

Related CVE
CVE-2016-4473
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_...
CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variab...
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in for...
CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of vali...
CVE-2017-9225
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Co...
CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger th...
CVE-2017-9119
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data struc...

Copyright 2017, cxsecurity.com