Home CVE Database CVE-2016-5773

CVE-2016-5773

Description

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

Priority: HIGH
CVSS v3: 9.8
Publish Date: Aug 7, 2016
Related ID: --
CVSS v2: Critical
Modified Date: Aug 10, 2016

Find out more about CVE-2016-5773 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

php

Live chat
Online