CVE-2016-5773
Published: 24 June 2016
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
Notes
Author | Note |
---|---|
mdeslaur | Applications should never deserialize unauthenticated data. precise needs backported fix we will not be fixing this in Ubuntu 12.04 LTS. We recommend validating untrusted data before unserializing. |
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
precise |
Ignored
|
trusty |
Released
(5.5.9+dfsg-1ubuntu4.19)
|
|
upstream |
Released
(5.6.23)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=f6aef68089221c5ea047d4a74224ee3deead99a6 |
||
php7.0 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(7.0.8)
|
|
wily |
Does not exist
|
|
xenial |
Released
(7.0.8-0ubuntu0.16.04.1)
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=f6aef68089221c5ea047d4a74224ee3deead99a6 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |