CVE-2016-10161
Published: 2017-01-24
Priority: P339 · Severity: high · CVSS 3.0 base score: 7.5
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 13.31% (95.9th percentile)
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
Affected (19 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra_10.12.4_security_update_2017-001_el_capitan_and_security_update_201 | — | — |
| php | php | <= 5.6.29 | — |
| php | php | — | — |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.21 | 5.5.9+dfsg-1ubuntu4.21 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
GHSA-q9xq-6ph4-999c: The object_common1 function in ext/standard/var_unserializer.c · ghsa_unreviewed · 2022-05-14 · HIGH · CWE-125
Description: identical to the CVE description above.
OSV
php7.0 regression · osv · 2017-03-02 · CVSS 7.5 · HIGH
USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15
upstream release. PHP 7.0.15 introduced a regression when using MySQL with
large blobs. This update fixes the problem with a backported fix.
Original advisory details:
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)
It was discovered that PHP incorrectly handled unse
OSV
php7.0 vulnerabilities · osv · 2017-02-23 · CVSS 7.5 · HIGH · tagged CVE-2016-7479
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)
It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-9935)
It was discovered that PHP incorrectly han
OSV
php5 vulnerabilities · osv · 2017-02-14 · CVSS 9.8 · CRITICAL · tagged CVE-2014-9912
It was discovered that PHP incorrectly handled certain arguments to the
locale_get_display_name function. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2014-9912)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
hang, resulting in a denial of service. (CVE-2016-7478)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects
OSV
CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c · osv · 2017-01-24 · CVSS 7.5 · HIGH
Description: identical to the CVE description above.
Apple
CVE-2016-10161: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite · vendor_apple · 2017-03-27 · CVSS 7.5 · HIGH
Apple Security Update: About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Product: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
CVE: CVE-2016-10161
Component: CVE-2016-10161
Ubuntu
PHP regression · vendor_ubuntu · 2017-03-02 · CVSS 7.5 · HIGH
Title: PHP regression
Summary: USN-3211-1 introduced a regression in PHP.
Ubuntu
PHP vulnerabilities · vendor_ubuntu · 2017-02-23 · CVSS 7.5 · HIGH · tagged CVE-2016-7479
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
Ubuntu
PHP vulnerabilities · vendor_ubuntu · 2017-02-14 · CVSS 9.8 · CRITICAL · tagged CVE-2014-9912
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
Red Hat
php: Out-of-bounds heap read on unserialize in finish_nested_data() · vendor_redhat · 2017-01-19 · CVSS 7.5 · HIGH · CWE-125
Description: identical to the CVE description above.
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: php (Red Hat Enterprise Linux 6) - Will not fix
Package: php (Red Hat Enterprise Linux 7) - Will not fix
Package: php (Red Hat OpenShift Enterprise 2) - Will not fix
Package: rh-php56-php (Red Hat Software Collections) - Will not fix
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10162 php: various flaws [fedora-all] · bugzilla · 2017-02-03 · CVSS 7.5 · HIGH · tagged CVE-2016-10158
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mu
Bugzilla
CVE-2016-10161 php: Out-of-bounds heap read on unserialize in finish_nested_data() · bugzilla · 2017-02-03 · CVSS 7.5 · HIGH
Description: identical to the CVE description above.
Upstream bug:
https://bugs.php.net/bug.php?id=73825
Upstream patch:
https://github.com/php/php-src/commit/16b3003ffc6393e250f069aa28a78dc5a2c064b2
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1419021]
---
This issue happens when untrusted input is unserialized. Doing so is documented as being unsafe:
http://php.net/manual/en/function.unserialize.php
Do not pass untrust
Tenable
[R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities · blogs_tenable · 2017-02-14
References
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.debian.org/security/2017/dsa-3783
http://www.securityfocus.com/bid/95768
http://www.securitytracker.com/id/1037659
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=73825
https://github.com/php/php-src/commit/16b3003ffc6393e250f069aa28a78dc5a2c064b2
https://security.gentoo.org/glsa/201702-29
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.tenable.com/security/tns-2017-04