CVE-2017-12932

Published: 18 August 2017

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
artful Does not exist
precise Not vulnerable (code not present)
trusty Not vulnerable (code not present)
upstream Needs triage
xenial Does not exist
zesty Does not exist

php7.0
Launchpad, Ubuntu, Debian
artful Does not exist
precise Does not exist
trusty Does not exist
upstream Released (7.0.23)
xenial Released (7.0.25-0ubuntu0.16.04.1)
zesty Ignored (reached end-of-life)

php7.1
Launchpad, Ubuntu, Debian
artful Not vulnerable (7.1.11-0ubuntu0.17.10.1)
precise Does not exist
trusty Does not exist
upstream Released (7.1.9)
xenial Does not exist
zesty Does not exist