ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-09-17T21:00:00
Updated: 2024-08-06T01:57:47.623Z
Reserved: 2016-09-09T00:00:00
Link: CVE-2016-7417
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-09-17T21:59:09.573
Modified: 2024-11-21T02:57:57.850
Link: CVE-2016-7417
Redhat