CVE-2016-5771
published 2016-08-07
CVE-2016-5771: spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection…
Priority P352 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 15.48% · 96.4th percentile
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra | — | — |
| debian | debian_linux | — | — |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| php | php | < 5.5.37 | 5.5.37 |
| php | php | >= 5.6.0 < 5.6.23 | 5.6.23 |
| php | php | >= 7.0.0 < 7.0.8 | 7.0.8 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.19 | 5.5.9+dfsg-1ubuntu4.19 |
CVSS provenance
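| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |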
Apple
CVE-2016-5771: macOS Sierra 10.12
vendor_apple·2016-09-20·CVSS 9.8
CVE-2016-5771 [CRITICAL] CVE-2016-5771: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-5771
Component: CVE-2016-5771
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2016-08-02·CVSS 9.8
CVE-2015-4116 [CRITICAL] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled certain SplMinHeap::compare
operations. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116)
It was discovered that PHP incorrectly handled recursive method calls. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2015-8873)
It was discovered that PHP incorrectly validated certain Exception objects
when unserializing data. A remote attacker could use this issue to cause
PHP to crash, resulting
Red Hat
php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
vendor_redhat·2016-06-23·CVSS 9.8
CVE-2016-5771 [CRITICAL] CWE-416 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: php (Red Hat Enterprise Linux 6) - Will not fix
Package: php (Red Hat Enterprise Linux 7) - Will not fix
Package: php54-php (Red Hat Software Collections) - Will not fix
Package: php55-php (Red Hat Software Collections) - Will not fix
GHSA
GHSA-pxh8-vqh4-j2qq: spl_array
ghsa_unreviewed·2022-05-14
CVE-2016-5771 [CRITICAL] CWE-416 GHSA-pxh8-vqh4-j2qq: spl_array
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
OSV
php5, php7.0 vulnerabilities
osv·2016-08-02·CVSS 9.8
CVE-2015-4116 [CRITICAL] php5, php7.0 vulnerabilities
It was discovered that PHP incorrectly handled certain SplMinHeap::compare
operations. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116)
It was discovered that PHP incorrectly handled recursive method calls. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2015-8873)
It was discovered that PHP incorrectly validated certain Exception objects
when unserializing data. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitr
OSV
CVE-2016-5771: spl_array
osv·2016-06-24·CVSS 9.8
CVE-2016-5771 [CRITICAL] CVE-2016-5771: spl_array
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
bugzilla·2016-06-29·CVSS 9.8
CVE-2016-5771 [CRITICAL] CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
A use after free vulnerability was discovered when PHP's garbage collection algorithm interacts with other specific PHP objects. This vulnerability has wide reaching effects like allowing the exploitation of unserialize to gain remote code execution on a target system.
Upstream bug:
https://bugs.php.net/bug.php?id=72433
Upstream patch:
http://git.php.net/?p=php-src.git;a=commitdiff;h=3f627e580acfdaf0595ae3b115b8bec677f203ee
CVE assignment:
http://seclists.org/oss-sec/2016/q2/589
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1351180]
---
php-5.6.23-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in thi
Bugzilla
CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
bugzilla·2016-06-29·CVSS 9.8
CVE-2016-5773 [CRITICAL] CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
A use after free vulnerability was discovered when PHP's garbage collection algorithm interacts with other specific PHP objects. This vulnerability has wide reaching effects like allowing the exploitation of unserialize to gain remote code execution on a target system.
Upstream bug:
https://bugs.php.net/bug.php?id=72434
Upstream patch:
http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6
CVE assignment:
http://seclists.org/oss-sec/2016/q2/589
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1351180]
---
php-pecl-zip-1.13.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, ple
Bugzilla
CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 php: various flaws [fedora-all]
bugzilla·2016-06-29·CVSS 8.8
CVE-2016-5766 [HIGH] CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 php: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit
arXiv
Towards Automated Application-Specific Software Stacks
arxiv_fulltext·2019-09-16
http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3618
http://www.openwall.com/lists/oss-security/2016/06/23/4
http://www.securityfocus.com/bid/91401
https://bugs.php.net/bug.php?id=72433
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
https://support.apple.com/HT207170
Published: 2016-08-07