CVE-2016-5773

critical

Description

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

References

https://support.apple.com/HT207170

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

http://www.securityfocus.com/bid/91397

http://www.openwall.com/lists/oss-security/2016/06/23/4

http://www.debian.org/security/2016/dsa-3618

http://rhn.redhat.com/errata/RHSA-2016-2750.html

http://php.net/ChangeLog-7.php

http://php.net/ChangeLog-5.php

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://github.com/php/php-src/commit/f6aef68089221c5ea047d4a74224ee3deead99a6?w=1

Details

Source: Mitre, NVD

Published: 2016-08-07

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical