PHP Vulnerabilities That Allow Remote and Local Users to Execute Arbitrary Code on the Target System


Description:
Multiple vulnerabilities were reported in PHP. A remote or local user can execute arbitrary code on the target system.
The specific impact depends on the application using PHP.

Changes:

  • A null pointer dereference may occur in zval_delref_p().
  • A null pointer dereference may occur in imap_mail().
  • A memory corruption error may occur in processing locale data [CVE-2016-7416].
  • A heap overflow may occur in the processing of BIT fields in mysqlnd [CVE-2016-7412].
  • An out-of-bounds memory error may occur in phar_parse_zipfile() [CVE-2016-7414].
  • An out-of-bounds memory error may occur in phar_parse_tarfile().
  • A memory corruption error may occur when unserializing SplArray [CVE-2016-7417].
  • A null pointer dereference may occur in shm_attach().
  • A use-after-free memory error may occur in wddx_deserialize() [CVE-2016-7413].
  • An out-of-bounds memory read error may occur in php_wddx_push_element() [CVE-2016-7418].
  • A memory corruption error may occur during deserialized object destruction [CVE-2016-7411]. Version 5.6.x is affected.

Affected versions: versions prior to 5.6.26 and 7.0.11

Recommended action: upgrade to either 5.6.26 or 7.0.11.
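
The affected-version ranges above, applied to version strings gathered from hosts, as an added example that is not part of the original advisory. The function names, status labels and sample strings are assumptions made for illustration; pre-release builds (RC/alpha/beta) of a fixed version are treated as still affected.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(5, 6): (5, 6, 26), (7, 0): (7, 0, 11)}
# CVE ids copied from the advisory's list.
CVES = ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414",
        "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"]
CVE_56_ONLY = "CVE-2016-7411"  # the advisory states 5.6.x is affected

_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:RC|alpha|beta)\d*)?", re.I)


def parse_version(text):
    """Return (major, minor, patch, final); final is 0 for RC/alpha/beta builds."""
    m = _VER.search(text)
    if m is None:
        raise ValueError("no PHP version found in %r" % text)
    return tuple(int(g) for g in m.groups()[:3]) + (0 if m.group(4) else 1,)


def assess(text):
    """Classify one version string as (status, CVE ids from the advisory)."""
    ver = parse_version(text)
    branch = ver[:2]
    if branch > (7, 0):
        return "not-covered", []  # branch is not mentioned in the advisory
    fixed = FIXED.get(branch)
    if fixed is not None and ver >= fixed + (1,):
        return "fixed", []
    cves = CVES + ([CVE_56_ONLY] if branch == (5, 6) else [])
    # Branches older than 5.6 have no fixed release named in the advisory,
    # so the only remediation it offers them is moving to 5.6.26 or 7.0.11.
    return ("affected" if fixed else "affected-no-branch-fix"), sorted(cves)


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and version strings).
    inventory = {
        "web01": "PHP 5.6.25 (cli)",
        "web02": "7.0.11RC1",
        "web03": "5.6.26-1+deb.sury.org~xenial+1",
        "batch01": "5.5.38",
        "api01": "7.0.11",
    }
    for host, raw in sorted(inventory.items()):
        status, cves = assess(raw)
        print("%-8s %-32s %-22s %s" % (host, raw, status, ", ".join(cves)))
```

Distribution packages can carry backported fixes under an older upstream version number, so an "affected" result for a vendor package should be checked against that vendor's own advisory.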

Origin URLs:
