CVE-2016-7411

CRITICAL9.8EPSS 0.60%

發布日:2016/9/17修改日:2025/11/19

也稱為:ALPINE-CVE-2016-7411

描述

ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.

受影響套件(1)

Alpine/phpfrom 0, < 5.6.27-r0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(1)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-7411