php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2016-08-07 03:59
Updated : 2018-01-04 18:31
NVD link : CVE-2016-5773
Mitre link : CVE-2016-5773
JSON object : View
CWE
CWE-416
Use After Free
Products Affected
php
- php