CVE-2017-5340
Published: 11 January 2017
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Notes
| Author | Note |
|---|---|
| mdeslaur | doesn't affect php5 |
Priority
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
php7.0 Launchpad, Ubuntu, Debian |
upstream |
Released
(7.0.15)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Released
(7.0.15-0ubuntu0.16.04.2)
|
|
| yakkety |
Released
(7.0.15-0ubuntu0.16.10.2)
|
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=4cc0286f2f3780abc6084bcdae5dce595daa3c12 |
||