Description

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.

Remediation

References

CVE-2016-7479

Related Vulnerabilities

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17450)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9049)

WordPress Plugin Nmedia MailChimp Widget 'abs_path' Parameter Remote File Include (3.1)

GlassFish Improper Input Validation Vulnerability (CVE-2015-3237)

WordPress 2.0.6 'Zend_Hash_Del_Key_Or_Index' SQL Injection Vulnerability (0.6.2 - 2.0.6)

Severity

Critical

Classification

CVE-2016-7479 CWE-416 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities