CVE-2016-7479
Published: 2017-01-12
Priority: P2 · 65 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 41.94% (98.5th percentile)
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openvpn | openvpn | >= 0 < 2.3.2-7ubuntu3.2 | 2.3.2-7ubuntu3.2 |
| openvpn | openvpn | >= 0 < 2.3.10-1ubuntu2.1 | 2.3.10-1ubuntu2.1 |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.21 | 5.5.9+dfsg-1ubuntu4.21 |
Detection & IOCs
- The vulnerability is triggered during PHP unserialization of objects — monitor or block untrusted serialized PHP object input reaching PHP 7 applications
- Technical exploitation details are documented in the Check Point PHP technical report — review for payload patterns and PoC serialized object structures
- Upstream PHP bug tracker entry (private) contains additional reproduction details for CVE-2016-7479
- All versions of PHP 7 prior to 7.1.1 are affected; the fix was introduced in PHP 7.1.1
- Red Hat marked multiple PHP packages across RHEL 5, 6, 7, OpenShift Enterprise 2, and rh-php56 as 'Will not fix', meaning patched RPMs are not available for those platforms via standard channels
- The vulnerability is exploitable remotely — any PHP 7 application that deserializes attacker-controlled data is at risk of arbitrary code execution
CVSS provenance
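| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |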
Ubuntu
PHP regression
vendor_ubuntu · 2017-03-02 · CVSS 7.5 · HIGH
Summary: USN-3211-1 introduced a regression in PHP.
USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15
upstream release. PHP 7.0.15 introduced a regression when using MySQL with
large blobs. This update fixes the problem with a backported fix.
Original advisory details:
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9
Ubuntu
PHP vulnerabilities
vendor_ubuntu · 2017-02-23 · CVSS 7.5 · HIGH · CVE-2016-7479
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)
It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (C
Ubuntu
PHP vulnerabilities
vendor_ubuntu · 2017-02-14 · CVSS 9.8 · CRITICAL · CVE-2014-9912
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled certain arguments to the
locale_get_display_name function. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2014-9912)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
hang, resulting in a denial of service. (CVE-2016-7478)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was disc
Red Hat
php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object
vendor_redhat · 2016-12-27 · CVSS 9.8 · CRITICAL · CVE-2016-7479
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: php (Red Hat Enterprise Linux 6) - Will not fix
Package: php (Red Hat Enterprise Linux 7) - Will not fix
Package: php (Red Hat OpenShift Enterprise 2) - Will not fix
Package: rh-php56-php (Red Hat Software Collections) - Will not fix
GHSA
GHSA-x9vm-7p3c-2c8q: In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free
ghsa_unreviewed · 2022-05-14 · CRITICAL · CVE-2016-7479 · CWE-416
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
OSV
openvpn vulnerabilities
osv · 2017-06-22 · CVSS 5.9 · CVE-2016-6329
Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block
ciphers are vulnerable to a birthday attack. A remote attacker could
possibly use this issue to recover cleartext data. Fixing this issue
requires a configuration change to switch to a different cipher. This
update adds a warning to the log file when a 64-bit block cipher is in use.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and
Ubuntu 16.10. (CVE-2016-6329)
It was discovered that OpenVPN incorrectly handled rollover of packet ids.
An authenticated remote attacker could use this issue to cause OpenVPN to
crash, resulting in a denial of service. This issue only affected Ubuntu
14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-7479)
Guido Vranken discovered that OpenVPN inc
OSV
php7.0 regression
osv · 2017-03-02 · CVSS 7.5 · HIGH
USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15
upstream release. PHP 7.0.15 introduced a regression when using MySQL with
large blobs. This update fixes the problem with a backported fix.
Original advisory details:
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)
It was discovered that PHP incorrectly handled unse
OSV
php7.0 vulnerabilities
osv · 2017-02-23 · CVSS 7.5 · HIGH · CVE-2016-7479
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)
It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-9935)
It was discovered that PHP incorrectly han
OSV
php5 vulnerabilities
osv · 2017-02-14 · CVSS 9.8 · CRITICAL · CVE-2014-9912
It was discovered that PHP incorrectly handled certain arguments to the
locale_get_display_name function. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2014-9912)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
hang, resulting in a denial of service. (CVE-2016-7478)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects
OSV
CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free
osv · 2017-01-11 · CVSS 9.8 · CRITICAL · CVE-2016-7479
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-7479 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object
bugzilla · 2017-01-12 · CVSS 9.8 · CRITICAL · CVE-2016-7479
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
Upstream bug (private as of now):
https://bugs.php.net/bug.php?id=73092
External Reference:
https://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1412647]
---
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
Red Ha
Bugzilla
CVE-2016-7479 CVE-2017-5340 php: various flaws [fedora-all]
bugzilla · 2017-01-12 · CVSS 9.8 · CRITICAL · CVE-2016-7479
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While
References
- http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
- http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
- http://www.securityfocus.com/bid/95151
- http://www.securitytracker.com/id/1037659
- https://access.redhat.com/errata/RHSA-2018:1296
- https://bugs.php.net/bug.php?id=73092
- https://security.netapp.com/advisory/ntap-20180112-0001/
- https://www.youtube.com/watch?v=LDcaPstAuPk
Published: 2017-01-12