Vulnerability & Exploit Database

Back to search

FreeBSD: php -- multiple vulnerabilities (Multiple CVEs)

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:P/I:P/A:P) May 15, 2016 June 27, 2016 October 29, 2017

Description

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

freebsd-upgrade-package-php55

Related Vulnerabilities