CVE-2016-7479

Published: Jan 12, 2017Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.

Affected (15)

Products: Php: Php

1 product

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Php Php	Version 7.0.0
Php Php	Version 7.0.10
Php Php	Version 7.0.11
Php Php	Version 7.0.12
Php Php	Version 7.0.14
Php Php	Version 7.0.1
Php Php	Version 7.0.2
Php Php	Version 7.0.3
Php Php	Version 7.0.4
Php Php	Version 7.0.5
Php Php	Version 7.0.6
Php Php	Version 7.0.7
Php Php	Version 7.0.8
Php Php	Version 7.0.9
Php Php	Version 7.1.0

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (16)

http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7

Source: cve@checkpoint.com

Third Party Advisory

http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf

Source: cve@checkpoint.com

ExploitTechnical DescriptionThird Party Advisory

http://www.securityfocus.com/bid/95151

Source: cve@checkpoint.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037659

Source: cve@checkpoint.com

https://access.redhat.com/errata/RHSA-2018:1296

Source: cve@checkpoint.com

https://bugs.php.net/bug.php?id=73092

Source: cve@checkpoint.com

Issue TrackingPermissions Required

https://security.netapp.com/advisory/ntap-20180112-0001/

Source: cve@checkpoint.com

https://www.youtube.com/watch?v=LDcaPstAuPk

Source: cve@checkpoint.com

Technical Description

http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

http://www.securityfocus.com/bid/95151

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037659

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2018:1296

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=73092

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions Required

https://security.netapp.com/advisory/ntap-20180112-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.youtube.com/watch?v=LDcaPstAuPk

Source: af854a3a-2127-422b-91ae-364da2661108

Technical Description

Timeline

No history available yet.