ID CVE-2017-12932
Summary ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:7.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:7.1.8:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 04-05-2018 - 01:29)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2018:1296
  • rhsa
    id RHSA-2019:2519
rpms
  • rh-php70-php-0:7.0.27-1.el6
  • rh-php70-php-0:7.0.27-1.el7
  • rh-php70-php-bcmath-0:7.0.27-1.el6
  • rh-php70-php-bcmath-0:7.0.27-1.el7
  • rh-php70-php-cli-0:7.0.27-1.el6
  • rh-php70-php-cli-0:7.0.27-1.el7
  • rh-php70-php-common-0:7.0.27-1.el6
  • rh-php70-php-common-0:7.0.27-1.el7
  • rh-php70-php-dba-0:7.0.27-1.el6
  • rh-php70-php-dba-0:7.0.27-1.el7
  • rh-php70-php-dbg-0:7.0.27-1.el6
  • rh-php70-php-dbg-0:7.0.27-1.el7
  • rh-php70-php-debuginfo-0:7.0.27-1.el6
  • rh-php70-php-debuginfo-0:7.0.27-1.el7
  • rh-php70-php-devel-0:7.0.27-1.el6
  • rh-php70-php-devel-0:7.0.27-1.el7
  • rh-php70-php-embedded-0:7.0.27-1.el6
  • rh-php70-php-embedded-0:7.0.27-1.el7
  • rh-php70-php-enchant-0:7.0.27-1.el6
  • rh-php70-php-enchant-0:7.0.27-1.el7
  • rh-php70-php-fpm-0:7.0.27-1.el6
  • rh-php70-php-fpm-0:7.0.27-1.el7
  • rh-php70-php-gd-0:7.0.27-1.el6
  • rh-php70-php-gd-0:7.0.27-1.el7
  • rh-php70-php-gmp-0:7.0.27-1.el6
  • rh-php70-php-gmp-0:7.0.27-1.el7
  • rh-php70-php-imap-0:7.0.27-1.el6
  • rh-php70-php-intl-0:7.0.27-1.el6
  • rh-php70-php-intl-0:7.0.27-1.el7
  • rh-php70-php-json-0:7.0.27-1.el6
  • rh-php70-php-json-0:7.0.27-1.el7
  • rh-php70-php-ldap-0:7.0.27-1.el6
  • rh-php70-php-ldap-0:7.0.27-1.el7
  • rh-php70-php-mbstring-0:7.0.27-1.el6
  • rh-php70-php-mbstring-0:7.0.27-1.el7
  • rh-php70-php-mysqlnd-0:7.0.27-1.el6
  • rh-php70-php-mysqlnd-0:7.0.27-1.el7
  • rh-php70-php-odbc-0:7.0.27-1.el6
  • rh-php70-php-odbc-0:7.0.27-1.el7
  • rh-php70-php-opcache-0:7.0.27-1.el6
  • rh-php70-php-opcache-0:7.0.27-1.el7
  • rh-php70-php-pdo-0:7.0.27-1.el6
  • rh-php70-php-pdo-0:7.0.27-1.el7
  • rh-php70-php-pgsql-0:7.0.27-1.el6
  • rh-php70-php-pgsql-0:7.0.27-1.el7
  • rh-php70-php-process-0:7.0.27-1.el6
  • rh-php70-php-process-0:7.0.27-1.el7
  • rh-php70-php-pspell-0:7.0.27-1.el6
  • rh-php70-php-pspell-0:7.0.27-1.el7
  • rh-php70-php-recode-0:7.0.27-1.el6
  • rh-php70-php-recode-0:7.0.27-1.el7
  • rh-php70-php-snmp-0:7.0.27-1.el6
  • rh-php70-php-snmp-0:7.0.27-1.el7
  • rh-php70-php-soap-0:7.0.27-1.el6
  • rh-php70-php-soap-0:7.0.27-1.el7
  • rh-php70-php-tidy-0:7.0.27-1.el6
  • rh-php70-php-xml-0:7.0.27-1.el6
  • rh-php70-php-xml-0:7.0.27-1.el7
  • rh-php70-php-xmlrpc-0:7.0.27-1.el6
  • rh-php70-php-xmlrpc-0:7.0.27-1.el7
  • rh-php70-php-zip-0:7.0.27-1.el6
  • rh-php70-php-zip-0:7.0.27-1.el7
  • rh-php71-php-0:7.1.30-1.el7
  • rh-php71-php-bcmath-0:7.1.30-1.el7
  • rh-php71-php-cli-0:7.1.30-1.el7
  • rh-php71-php-common-0:7.1.30-1.el7
  • rh-php71-php-dba-0:7.1.30-1.el7
  • rh-php71-php-dbg-0:7.1.30-1.el7
  • rh-php71-php-debuginfo-0:7.1.30-1.el7
  • rh-php71-php-devel-0:7.1.30-1.el7
  • rh-php71-php-embedded-0:7.1.30-1.el7
  • rh-php71-php-enchant-0:7.1.30-1.el7
  • rh-php71-php-fpm-0:7.1.30-1.el7
  • rh-php71-php-gd-0:7.1.30-1.el7
  • rh-php71-php-gmp-0:7.1.30-1.el7
  • rh-php71-php-intl-0:7.1.30-1.el7
  • rh-php71-php-json-0:7.1.30-1.el7
  • rh-php71-php-ldap-0:7.1.30-1.el7
  • rh-php71-php-mbstring-0:7.1.30-1.el7
  • rh-php71-php-mysqlnd-0:7.1.30-1.el7
  • rh-php71-php-odbc-0:7.1.30-1.el7
  • rh-php71-php-opcache-0:7.1.30-1.el7
  • rh-php71-php-pdo-0:7.1.30-1.el7
  • rh-php71-php-pgsql-0:7.1.30-1.el7
  • rh-php71-php-process-0:7.1.30-1.el7
  • rh-php71-php-pspell-0:7.1.30-1.el7
  • rh-php71-php-recode-0:7.1.30-1.el7
  • rh-php71-php-snmp-0:7.1.30-1.el7
  • rh-php71-php-soap-0:7.1.30-1.el7
  • rh-php71-php-xml-0:7.1.30-1.el7
  • rh-php71-php-xmlrpc-0:7.1.30-1.el7
  • rh-php71-php-zip-0:7.1.30-1.el7
refmap via4
bid 100427
confirm
debian DSA-4080
gentoo GLSA-201709-21
Last major update 04-05-2018 - 01:29
Published 18-08-2017 - 03:29
Last modified 04-05-2018 - 01:29
Back to Top