ID CVE-2016-9935
Summary The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
References
Vulnerable Configurations
  • PHP 5.6.28
    cpe:2.3:a:php:php:5.6.28
  • PHP 7.0.0
    cpe:2.3:a:php:php:7.0.0
  • PHP 7.0.1
    cpe:2.3:a:php:php:7.0.1
  • PHP 7.0.2
    cpe:2.3:a:php:php:7.0.2
  • PHP 7.0.3
    cpe:2.3:a:php:php:7.0.3
  • PHP 7.0.4
    cpe:2.3:a:php:php:7.0.4
  • PHP 7.0.5
    cpe:2.3:a:php:php:7.0.5
  • PHP 7.0.6
    cpe:2.3:a:php:php:7.0.6
  • PHP 7.0.7
    cpe:2.3:a:php:php:7.0.7
  • PHP 7.0.8
    cpe:2.3:a:php:php:7.0.8
  • PHP 7.0.9
    cpe:2.3:a:php:php:7.0.9
  • PHP 7.0.10
    cpe:2.3:a:php:php:7.0.10
  • PHP 7.0.11
    cpe:2.3:a:php:php:7.0.11
  • PHP 7.0.12
    cpe:2.3:a:php:php:7.0.12
  • PHP 7.0.13
    cpe:2.3:a:php:php:7.0.13
CVSS
Base: 7.5 (as of 05-01-2017 - 13:16)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1505.NASL
    description This security update for php5 fixes the following issues : - a call to ImageFillToBorder() could cause a stack overflow leading to stack exhaustion when the image used was not truecolor (CVE-2016-9933, boo#1015187) - deserialization of a WDDX packet containing a PDORow object could crash php (CVE-2016-9934, boo#1015188) - deserialization of a WDDX packet containing an empty boolean element could crash php (CVE-2016-9935, boo#1015189)
    last seen 2019-02-21
    modified 2017-01-27
    plugin id 96130
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96130
    title openSUSE Security Update : php5 (openSUSE-2016-1505)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0038-1.NASL
    description This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 119990
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119990
    title SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0038-1)
  • NASL family CGI abuses
    NASL id PHP_7_0_14.NASL
    description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.14. It is, therefore, affected by a remote code execution vulnerability due to a memory corruption issue in the php_wddx_push_element() function in ext/wddx/wddx.c that occurs when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 95875
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95875
    title PHP 7.0.x < 7.0.14 php_wddx_push_element() Function Empty Boolean Element Decoding RCE
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3737.NASL
    description Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.29, which includes additional bug fixes. Please refer to the upstream changelog for more information : https://php.net/ChangeLog-5.php#5.6.29
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 96016
    published 2016-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96016
    title Debian DSA-3737-1 : php5 - security update
  • NASL family CGI abuses
    NASL id PHP_5_6_29.NASL
    description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities : - A memory corruption issue exists in the php_wddx_push_element() function in ext/wddx/wddx.c that is triggered when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9935) - A flaw exists in the in the openssl_pbkdf2() function in ext/openssl/openssl.c that is triggered when handling overly large key length parameters. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 95874
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95874
    title PHP 5.6.x < 5.6.29 Multiple Vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-787.NASL
    description A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy(). An attacker could create a crafted image that would lead to a crash or, potentially, code execution. (CVE-2016-8670) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP before 5.6.28 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 96805
    published 2017-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96805
    title Amazon Linux AMI : php56 (ALAS-2017-787)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_12_4.NASL
    description The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 99134
    published 2017-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99134
    title macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-347-03.NASL
    description New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2018-09-01
    modified 2017-09-21
    plugin id 95725
    published 2016-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95725
    title Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-788.NASL
    description The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480) Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137) Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933) ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934) The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935) The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 96806
    published 2017-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96806
    title Amazon Linux AMI : php70 (ALAS-2017-788)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3196-1.NASL
    description It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 97190
    published 2017-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97190
    title Ubuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3211-2.NASL
    description USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 97521
    published 2017-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97521
    title Ubuntu 16.04 LTS / 16.10 : php7.0 regression (USN-3211-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0109-1.NASL
    description This update for php53 fixes the following issues : - CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232] - CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935: Invalid read could lead to crash [bsc#1015189] - Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96431
    published 2017-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96431
    title SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0109-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201702-29.NASL
    description The remote host is affected by the vulnerability described in GLSA-201702-29 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-02-27
    plugin id 97272
    published 2017-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97272
    title GLSA-201702-29 : PHP: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-818.NASL
    description Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. - CVE-2016-2554 Stack-based buffer overflow in ext/phar/tar.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. - CVE-2016-3141 Use-after-free vulnerability in wddx.c in the WDDX extension allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. - CVE-2016-3142 The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. - CVE-2016-4342 ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. - CVE-2016-9934 ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. - CVE-2016-9935 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. - CVE-2016-10158 The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. - CVE-2016-10159 Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. - CVE-2016-10160 Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. - CVE-2016-10161 The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. - BUG-71323.patch Output of stream_get_meta_data can be falsified by its input - BUG-70979.patch Crash on bad SOAP request - BUG-71039.patch exec functions ignore length but look for NULL termination - BUG-71459.patch Integer overflow in iptcembed() - BUG-71391.patch NULL pointer Dereference in phar_tar_setupmetadata() - BUG-71335.patch Type confusion vulnerability in WDDX packet deserialization For Debian 7 'Wheezy', these problems have been fixed in version 5.4.45-0+deb7u7. We recommend that you upgrade your php5 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 97052
    published 2017-02-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97052
    title Debian DLA-818-1 : php5 security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-61.NASL
    description This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2017-01-27
    plugin id 96380
    published 2017-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96380
    title openSUSE Security Update : php7 (openSUSE-2017-61)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-308.NASL
    description This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2017-03-07
    plugin id 97566
    published 2017-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97566
    title openSUSE Security Update : php5 (openSUSE-2017-308)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-62.NASL
    description This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2017-01-27
    plugin id 96381
    published 2017-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96381
    title openSUSE Security Update : php5 (openSUSE-2017-62)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3211-1.NASL
    description It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 97384
    published 2017-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97384
    title Ubuntu 16.04 LTS / 16.10 : php7.0 vulnerabilities (USN-3211-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6972668DCDB711E6A9A5B499BAEBFEAF.NASL
    description The PHP project reports : - Use After Free Vulnerability in unserialize() (CVE-2016-9936) - Invalid read when wddx decodes empty boolean element (CVE-2016-9935)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 96221
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96221
    title FreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0017-1.NASL
    description This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] - CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] - CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] - CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 119989
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119989
    title SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0017-1)
redhat via4
advisories
rhsa
id RHSA-2018:1296
refmap via4
bid 94846
confirm
debian DSA-3737
gentoo GLSA-201702-29
mlist [oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0
suse
  • openSUSE-SU-2016:3239
  • openSUSE-SU-2017:0061
  • openSUSE-SU-2017:0081
Last major update 17-01-2017 - 21:59
Published 04-01-2017 - 15:59
Last modified 03-05-2018 - 21:29
Back to Top