CVE-2016-5773

CRITICAL

PHP < 5.5.37, 5.6.x < 5.6.23, 7.x < 7.0.8 - Remote Code Execution via ZipArchive Unserialize Use-After-Free

Title source: manual

Description

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
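The exposure behind this advisory is an application handing attacker-controlled bytes to unserialize(): the engine instantiates whatever class the serialized data names, here ZipArchive, and the zip extension's faulty interaction with unserialize and garbage collection does the rest. The PHP below is an added example, not code from the CVE record, the bug report or the PHP project. It checks the running interpreter against the fixed releases named above, shows the unsafe call beside a hardened loader that uses the allowed_classes option of unserialize() (PHP 7.0 and later), and exercises the hardened loader on constructed inputs. The function names and the two sample blobs are this example's own.

```php
<?php
// Added example, not code from the CVE record or the PHP project.
// Assumes an application that unserialize()s client-supplied data (a cookie,
// a hidden form field, a cache entry another tenant can write): that is the
// exposure this CVE needs, since the attacker must get a crafted serialized
// string into unserialize().

// Fixed releases named in the advisory. "before 5.5.37" covers every release
// below 5.5.37, not only the 5.5 branch.
function php_affected_by_cve_2016_5773($version = PHP_VERSION)
{
    if (version_compare($version, '5.6.0', '<')) {
        return version_compare($version, '5.5.37', '<');
    }
    if (version_compare($version, '7.0.0', '<')) {
        return version_compare($version, '5.6.23', '<');   // 5.6.x branch
    }
    if (version_compare($version, '7.1.0', '<')) {
        return version_compare($version, '7.0.8', '<');    // 7.0.x branch
    }
    return false;                                           // 7.1+ shipped fixed
}

// Vulnerable pattern: the engine instantiates whatever class the attacker
// names, so a ZipArchive object in the blob reaches the zip extension's
// unserialize/GC path described in the advisory.
function load_state_unsafe($blob)
{
    return unserialize($blob);
}

// True if $value is, or transitively contains, any object. This includes the
// __PHP_Incomplete_Class placeholders unserialize() emits for refused classes.
function contains_object($value)
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $v) {
            if (contains_object($v)) {
                return true;
            }
        }
    }
    return false;
}

// Hardened pattern (PHP >= 7.0): allowed_classes => false stops unserialize()
// from instantiating any class, so ZipArchive's handler is never invoked, and
// any placeholder object left behind is rejected. On PHP 5.x the second
// argument is not understood and unserialize() returns NULL, so this fails
// closed instead of silently falling back to the unsafe behaviour.
function load_state_hardened($blob)
{
    $data = unserialize($blob, array('allowed_classes' => false));
    if (!is_array($data) || contains_object($data)) {
        throw new UnexpectedValueException('refusing serialized data that is not a plain array');
    }
    return $data;
}

// Constructed inputs for the demonstration (not taken from the bug report).
$benign  = serialize(array('user' => 'alice', 'cart' => array(3, 7)));
$hostile = 'a:1:{s:1:"z";O:10:"ZipArchive":0:{}}';

printf("PHP %s affected by CVE-2016-5773: %s\n",
    PHP_VERSION, php_affected_by_cve_2016_5773() ? 'yes' : 'no');

$state = load_state_hardened($benign);
printf("benign blob accepted, user=%s\n", $state['user']);

try {
    load_state_hardened($hostile);
} catch (UnexpectedValueException $e) {
    printf("hostile blob rejected: %s\n", $e->getMessage());
}
```

Upgrading to a fixed release is the actual remediation; the allowed_classes filter removes the attacker's ability to choose the class and is worth keeping regardless, since it also blocks ordinary PHP object-injection chains. On PHP 5.x there is no equivalent option, so the hardened loader refuses everything there; on those builds, carry untrusted state as JSON (json_encode/json_decode) rather than as serialize() output.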

References (12)

Apple security-announce mailing list (vendor advisory): http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
Red Hat RHSA-2016-2750 (vendor advisory): http://rhn.redhat.com/errata/RHSA-2016-2750.html
PHP bug #72434 (vendor confirmation, exploit): https://bugs.php.net/bug.php?id=72434
PHP 5 ChangeLog (patch, release notes): http://php.net/ChangeLog-5.php
oss-security post, 2016-06-23 (mailing list, release notes): http://www.openwall.com/lists/oss-security/2016/06/23/4
Debian DSA-3618 (third-party advisory): http://www.debian.org/security/2016/dsa-3618
PHP 7 ChangeLog (patch, release notes): http://php.net/ChangeLog-7.php
Apple HT207170 (vendor advisory): https://support.apple.com/HT207170
SecurityFocus BID 91397 (third-party advisory, VDB entry): http://www.securityfocus.com/bid/91397

Scores

CVSS v3 9.8
EPSS 0.1613
EPSS Percentile 94.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (33)
php/php 5.6.0 alpha1 (9 CPE variants)
php/php 5.6.1
php/php 5.6.2
php/php 5.6.3
php/php 5.6.4
php/php 5.6.5
php/php 5.6.6
php/php 5.6.7
php/php 5.6.8
php/php 5.6.9
... and 23 more
Published Aug 07, 2016
Tracked Since Feb 18, 2026