CVE-2016-7478

Priority
Description
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before
7.0.13, allows remote attackers to cause a denial of service (infinite
loop) via a crafted Exception object in serialized data, a related issue to
CVE-2015-8876.
Notes
 mdeslaur> can't reproduce with 7.0.13, assumed fixed
 mdeslaur> php5 needs CVE-2016-9137 to be applied
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): released (5.5.9+dfsg-1ubuntu4.21)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6
Package
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.0.13-0ubuntu0.16.04.1)
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=eca84946a4e7269d59ea2d79b5f42117de89ae74 (possibly)

Updated: 2019-03-19 12:27:17 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)