Vulnerability & Exploit Database

Back to search

FreeBSD: php -- multiple vulnerabilities (Multiple CVEs)

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:P/I:P/A:P) May 16, 2016 June 28, 2016 March 21, 2018

Description

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

freebsd-upgrade-package-php55

Related Vulnerabilities