cbcvebase.
CVE-2016-7479
published 2017-01-12

CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote…

PriorityP265critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
41.94%
98.5th percentile
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.

Affected

18 ranges
VendorProductVersion rangeFixed in
openvpnopenvpn>= 0 < 2.3.2-7ubuntu3.22.3.2-7ubuntu3.2
openvpnopenvpn>= 0 < 2.3.10-1ubuntu2.12.3.10-1ubuntu2.1
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
php5php5>= 0 < 5.5.9+dfsg-1ubuntu4.215.5.9+dfsg-1ubuntu4.21

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability is triggered during PHP unserialization of objects — monitor or block untrusted serialized PHP object input reaching PHP 7 applications
  • Technical exploitation details are documented in the Check Point PHP technical report — review for payload patterns and PoC serialized object structures
  • Upstream PHP bug tracker entry (private) contains additional reproduction details for CVE-2016-7479
  • ·All versions of PHP 7 prior to 7.1.1 are affected; the fix was introduced in PHP 7.1.1
  • ·Red Hat marked multiple PHP packages across RHEL 5, 6, 7, OpenShift Enterprise 2, and rh-php56 as 'Will not fix', meaning patched RPMs are not available for those platforms via standard channels
  • ·The vulnerability is exploitable remotely — any PHP 7 application that deserializes attacker-controlled data is at risk of arbitrary code execution

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.