Description
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages
3 packages
Vulnerability Details (5)
GHSA: GHSA-7w96-3v7r-6g9j: php_zip (2022-05-14)
GHSA: GHSA-qfmg-9m9f-p46q: ext/snmp/snmp (2022-05-14)
OSV: php5, php7.0 vulnerabilities (2016-08-02)
OSV: CVE-2016-6295: ext/snmp/snmp (2016-07-25)
OSV: CVE-2016-5773: php_zip (2016-06-24)
Vendor Advisories (4)
Apple: CVE-2016-5773: macOS Sierra 10.12 (2016-09-20)
Ubuntu: PHP vulnerabilities (2016-08-02)
Red Hat: php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (2016-06-23)
Red Hat: php: Use after free in SNMP with GC and unserialize() (2016-06-23)
Research Papers (1)
arXiv: Towards Automated Application-Specific Software Stacks (2019-09-16)
Community (2)
Bugzilla: CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (2016-06-29)
Bugzilla: CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 php: various flaws [fedora-all] (2016-06-29)