CVE-2016-10161 (retired)

Priority
Description
The object_common1 function in ext/standard/var_unserializer.c in PHP
before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote
attackers to cause a denial of service (buffer over-read and application
crash) via crafted serialized data that is mishandled in a
finish_nested_data call.
Package
Source: php5
Upstream: released (5.6.30)
Ubuntu 14.04 LTS (Trusty Tahr): released (5.5.9+dfsg-1ubuntu4.21)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=16b3003ffc6393e250f069aa28a78dc5a2c064b2
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=fa2125df6766bb7edac0a0bf433940465da9af4b
Package
Upstream: released (7.0.15)
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (7.0.15-0ubuntu0.16.04.2)
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=16b3003ffc6393e250f069aa28a78dc5a2c064b2
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=9f560baef5eacbe3fdb6a23a2d4e1996a30a2d2c

Updated: 2019-03-26 12:18:33 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)