Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Use After Free Vulnerability (CVE-2016-9137)

Description

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.

Remediation

References

Related Vulnerabilities

WordPress Plugin underConstruction Cross-Site Request Forgery (1.08)

WordPress Plugin Attendance Manager Multiple Vulnerabilities (0.5.6)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.24)

WordPress Plugin WP Symposium SQL Injection (15.1)

WordPress Plugin WordPress Popular Posts Cross-Site Scripting (5.3.5)

Severity

Critical

Classification

CVE-2016-9137 CWE-416 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities