FKIE_CVE-2016-7479

Vulnerability from fkie_nvd - Published: 2017-01-12 00:59 - Updated: 2025-04-20 01:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
References
cve@checkpoint.comhttp://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7Third Party Advisory
cve@checkpoint.comhttp://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdfExploit, Technical Description, Third Party Advisory
cve@checkpoint.comhttp://www.securityfocus.com/bid/95151Third Party Advisory, VDB Entry
cve@checkpoint.comhttp://www.securitytracker.com/id/1037659
cve@checkpoint.comhttps://access.redhat.com/errata/RHSA-2018:1296
cve@checkpoint.comhttps://bugs.php.net/bug.php?id=73092Issue Tracking, Permissions Required
cve@checkpoint.comhttps://security.netapp.com/advisory/ntap-20180112-0001/
cve@checkpoint.comhttps://www.youtube.com/watch?v=LDcaPstAuPkTechnical Description
af854a3a-2127-422b-91ae-364da2661108http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdfExploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/95151Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037659
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1296
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=73092Issue Tracking, Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180112-0001/
af854a3a-2127-422b-91ae-364da2661108https://www.youtube.com/watch?v=LDcaPstAuPkTechnical Description
Impacted products
Vendor Product Version
php php 7.0.0
php php 7.0.1
php php 7.0.2
php php 7.0.3
php php 7.0.4
php php 7.0.5
php php 7.0.6
php php 7.0.7
php php 7.0.8
php php 7.0.9
php php 7.0.10
php php 7.0.11
php php 7.0.12
php php 7.0.14
php php 7.1.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B90B947-7B54-47F3-9637-2F4AC44079EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "35848414-BD5D-4164-84DC-61ABBB1C4152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B1F8402-8551-4F66-A9A7-81D472AB058E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A773E8E-48CD-4D35-A0FD-629BD9334486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC492340-79AF-4676-A161-079A97EC6F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1C2D8FE-C380-4B43-B634-A3DBA4700A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB58393-0C10-413C-8D95-6BAA8BC19A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "751F51CA-9D88-4971-A6EC-8C0B72E8E22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B74118-8FC2-44CB-9673-A83DF777B2E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D56A200-1477-40DA-9444-CFC946157C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0D1CCC-A857-4C15-899E-08F9255CEE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6745CC43-2836-4CD8-848F-EEA08AE9D5AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "04146390-021D-4147-9830-9EAA90D120A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C68AA43-ED90-4B98-A5F8-4E210C2CC7CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In all versions of PHP 7, during the unserialization process, resizing the \u0027properties\u0027 hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "En todas las versiones de PHP 7, durante el proceso no serializado, redimensionando las \"propiedades\" de la tabla hash de un objeto serializado puede conducir a un uso despu\u00e9s de liberaci\u00f3n de memoria. Un atacante remoto puede explotar este error para obtener ejecuci\u00f3n de c\u00f3digo arbitraria."
    }
  ],
  "id": "CVE-2016-7479",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-12T00:59:00.140",
  "references": [
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7"
    },
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf"
    },
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95151"
    },
    {
      "source": "cve@checkpoint.com",
      "url": "http://www.securitytracker.com/id/1037659"
    },
    {
      "source": "cve@checkpoint.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:1296"
    },
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugs.php.net/bug.php?id=73092"
    },
    {
      "source": "cve@checkpoint.com",
      "url": "https://security.netapp.com/advisory/ntap-20180112-0001/"
    },
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Technical Description"
      ],
      "url": "https://www.youtube.com/watch?v=LDcaPstAuPk"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugs.php.net/bug.php?id=73092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20180112-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description"
      ],
      "url": "https://www.youtube.com/watch?v=LDcaPstAuPk"
    }
  ],
  "sourceIdentifier": "cve@checkpoint.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.