CVE-2016-7478

Priority
Description
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before
7.0.13, allows remote attackers to cause a denial of service (infinite
loop) via a crafted Exception object in serialized data, a related issue to
CVE-2015-8876.
Notes
mdeslaur: can't reproduce with 7.0.13, assumed fixed
php5 needs CVE-2016-9137 to be applied
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): released (5.5.9+dfsg-1ubuntu4.21)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.0.13-0ubuntu0.16.04.1)
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=eca84946a4e7269d59ea2d79b5f42117de89ae74 (possibly)
Updated: 2020-01-29 19:56:35 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)