vulnerability
Arch Linux: Denial of service (CVE-2016-7478)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jan 11, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jan 11, 2017
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, which refers to itself as the previous exception and causing exception::__toString to never to terminate.
Solution
arch-linux-upgrade-latest
References
- CVE-2016-7478
- https://attackerkb.com/topics/CVE-2016-7478
- URL-http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
- URL-http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
- URL-http://www.securityfocus.com/bid/95150
- URL-https://bugs.php.net/bug.php?id=73093
- URL-https://security.archlinux.org/ASA-201611-19
- URL-https://security.netapp.com/advisory/ntap-20180112-0001/
- URL-https://www.youtube.com/watch?v=LDcaPstAuPk
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.