9.8

CVE-2017-12933

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.6.30
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.6
PhpPhp Version7.0.7
PhpPhp Version7.0.8
PhpPhp Version7.0.9
PhpPhp Version7.0.10
PhpPhp Version7.0.11
PhpPhp Version7.0.12
PhpPhp Version7.0.13
PhpPhp Version7.0.14
PhpPhp Version7.0.15
PhpPhp Version7.0.16
PhpPhp Version7.0.17
PhpPhp Version7.0.18
PhpPhp Version7.0.19
PhpPhp Version7.0.20
PhpPhp Version7.1.0
PhpPhp Version7.1.1
PhpPhp Version7.1.2
PhpPhp Version7.1.3
PhpPhp Version7.1.4
PhpPhp Version7.1.5
PhpPhp Version7.1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.94% 0.933
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://php.net/ChangeLog-5.php
Vendor Advisory
Release Notes
http://php.net/ChangeLog-7.php
Vendor Advisory
Release Notes
https://access.redhat.com/errata/RHSA-2018:1296
https://www.debian.org/security/2018/dsa-4081
https://www.debian.org/security/2018/dsa-4080
https://usn.ubuntu.com/3566-2/
http://www.securityfocus.com/bid/99490
Third Party Advisory
VDB Entry
https://bugs.php.net/bug.php?id=74111
Vendor Advisory
https://usn.ubuntu.com/3566-1/