CVE-2017-5340
Published 2017-01-11
Priority P355 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 16.69% (96.6th percentile)
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | >= 7.0.0 < 7.0.15 | 7.0.15 |
| php | php | >= 7.1.0 < 7.1.1 | 7.1.1 |
CVSS provenance
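| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 7.5 | HIGH | |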
GHSA
GHSA-mcgr-9688-597c: Zend/zend_hash
ghsa_unreviewed·2022-05-14
CVE-2017-5340 [CRITICAL] CWE-190 GHSA-mcgr-9688-597c: Zend/zend_hash
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
OSV
php7.0 regression
osv·2017-03-02·CVSS 7.5
[HIGH] php7.0 regression
USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15
upstream release. PHP 7.0.15 introduced a regression when using MySQL with
large blobs. This update fixes the problem with a backported fix.
Original advisory details:
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)
It was discovered that PHP incorrectly handled unse
OSV
php7.0 vulnerabilities
osv·2017-02-23·CVSS 7.5
CVE-2016-7479 [HIGH] php7.0 vulnerabilities
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)
It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-9935)
It was discovered that PHP incorrectly han
OSV
CVE-2017-5340: Zend/zend_hash
osv·2017-01-11·CVSS 9.8
CVE-2017-5340 [CRITICAL] CVE-2017-5340: Zend/zend_hash
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Ubuntu
PHP regression
vendor_ubuntu·2017-03-02·CVSS 7.5
[HIGH] PHP regression
Title: PHP regression
Summary: USN-3211-1 introduced a regression in PHP.
USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15
upstream release. PHP 7.0.15 introduced a regression when using MySQL with
large blobs. This update fixes the problem with a backported fix.
Original advisory details:
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2017-02-23·CVSS 7.5
CVE-2016-7479 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)
It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (C
Red Hat
php: Use of uninitialized memory in unserialize()
vendor_redhat·2016-12-29·CVSS 9.8
CVE-2017-5340 [CRITICAL] CWE-456 php: Use of uninitialized memory in unserialize()
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: php (Red Hat Enterprise Linux 6) - Will not fix
Package: php (Red Hat Enterprise Linux 7) - Will not fix
Package: php (Red Hat OpenShift Enterprise 2) - Will not fix
Package: rh-php56-php (Red Hat Software Collections) - Will not fix
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-7479 CVE-2017-5340 php: various flaws [fedora-all]
bugzilla·2017-01-12·CVSS 9.8
CVE-2016-7479 [CRITICAL] CVE-2016-7479 CVE-2017-5340 php: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While
Bugzilla
CVE-2017-5340 php: Use of uninitialized memory in unserialize()
bugzilla·2017-01-12·CVSS 9.8
CVE-2017-5340 [CRITICAL] CVE-2017-5340 php: Use of uninitialized memory in unserialize()
It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized memory region and thus may be used to trick PHP into operating on faked objects and calling attacker controlled destructor function pointers, effectively allowing arbitrary code execution.
Upstream bug:
https://bugs.php.net/bug.php?id=73832
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1412647]
---
This issue happens when untrusted input is unserialized. Doing so is documented as being unsafe:
http://php.net/manual/en/function.unserialize.php
Do not pass untrusted user input to unserialize(). Unserialization can
result in code being lo
http://www.securityfocus.com/bid/95371
http://www.securitytracker.com/id/1037659
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=73832
https://github.com/php/php-src/commit/4cc0286f2f3780abc6084bcdae5dce595daa3c12
https://security.netapp.com/advisory/ntap-20180112-0001/